> In our network there is a normal FreeRADIUS server for authentication. With
> PacketFence and IEEE 802.1X I would like to ask the existing RADIUS server
> from my PacketFence, in short:
> 
> PacketFence with local RADIUS > existing RADIUS > LDAP (ADS)
> 
> If it is possible, where can I find a howto?

This is more FreeRADIUS help you are looking for.

Roughly, you need to proxy the authentication to another server.

Inner-Tunnel Proxying (inner as in 802.1X)

Create a proxy inner-tunnel virtual server

server proxy-inner-tunnel {

    authorize {
        update control {
            Proxy-To-Realm := "ExistingRadius"
        }
    }

    post-auth {
        exec
        perl
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }

    pre-proxy {
    }

    post-proxy {
        eap
    }

} # inner-tunnel server block


Then create the realm in proxy.conf

realm ExistingRadius {
    authhost = <ip>:1812
    secret = <secret>
}

Change the eap.conf to point to the proxying virtual server

peap {
    default_eap_type = mschapv2
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    proxy_tunneled_request_as_eap = yes
    virtual_server = "proxy-inner-tunnel"
}

Something like that.

-- 
Olivier Bilodeau
obilod...@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
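
Added example, not part of the original message and not PacketFence's or FreeRADIUS's own shipped configuration: the realm from the reply written with FreeRADIUS's home_server / home_server_pool syntax, next to the client entry the existing RADIUS server needs before it will answer the proxied requests. The names existing_radius, existing_radius_pool and packetfence, the 192.0.2.x addresses and the secret are constructed placeholders.

```conf
# --- On the PacketFence FreeRADIUS: proxy.conf ---
# Same realm name as Proxy-To-Realm in proxy-inner-tunnel.
home_server existing_radius {
    type = auth
    ipaddr = 192.0.2.10                # placeholder: existing RADIUS server
    port = 1812
    secret = CHANGE_ME_SHARED_SECRET   # placeholder: must match clients.conf below
    response_window = 20               # seconds to wait for a reply
    zombie_period = 40                 # seconds without replies before marked dead
}

home_server_pool existing_radius_pool {
    type = fail-over
    home_server = existing_radius
}

realm ExistingRadius {
    auth_pool = existing_radius_pool
    nostrip                            # pass User-Name through unchanged
}

# --- On the existing FreeRADIUS server: clients.conf ---
# Without this entry the proxied requests are dropped as coming
# from an unknown client.
client packetfence {
    ipaddr = 192.0.2.20                # placeholder: PacketFence server address
    secret = CHANGE_ME_SHARED_SECRET   # placeholder: same value as above
    shortname = packetfence
    # Proxied EAP requests always carry Message-Authenticator,
    # so requests without one can be refused.
    require_message_authenticator = yes
}
```

Because the tunnelled method is MSCHAPv2, the existing server has to be able to validate MSCHAPv2 against the directory (for example through ntlm_auth); an LDAP bind alone cannot check it.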
