Hi,

This is the complete guide for IPASS Netserver.
1) Edit the realm section of your radius.conf file (/etc/raddb/radius.conf).
Within the radius.conf file (/etc/raddb/radius.conf), there will be a section
containing your realm list. This section lists all of the realms known to
FreeRADIUS, and defines how they are handled. To enable FreeRADIUS to recognize
the IPASS/ prefix, locate the following section, edit the entry and uncomment
the section:
    realm slash {
        format = prefix
        delimiter = "/"
    }
When you are complete, the section should look as follows:
    realm IPASS {
        format = prefix
        delimiter = "/"
    }
2) Edit the authorization section of your radius.conf file
(/etc/raddb/radius.conf).
Within the radius.conf file (/etc/raddb/radius.conf), there will also be an
authorization section. This section defines how FreeRADIUS will authorize users.
You will want to ensure that the listings in this section are in the order shown
below to allow FreeRADIUS to perform authorization properly. The entry below
allows FreeRADIUS to preprocess all users against the hints or huntgroups files,
then to process all realms, and finally to look in the users file. The order of
the realm modules will determine the order in which FreeRADIUS will try to
find a matching realm. You will need to add an entry for the IPASS prefix above
the line for the suffix to allow these users to be processed first. When
complete, this section should look similar to the example below:
    authorize {
        preprocess
        IPASS
        suffix
        files
    }
3) Edit the pre-accounting section of your radius.conf file
(/etc/raddb/radius.conf).
Another section you will need to edit in the radius.conf file
(/etc/raddb/radius.conf) is the pre-accounting section. The following entry
allows FreeRADIUS to look for a proxy realm in the order that each realm is
listed, then to look at the acct_users file, and finally to preprocess users
using the hints file. You will need to add an entry for the IPASS prefix above
the line for the suffix to allow these users to be processed first. When
complete, this section should look similar to the example below:
    preacct {
        IPASS
        suffix
        files
        preprocess
    }
When you have finished editing radius.conf, save and exit the file.
4) Edit the users file (/etc/raddb/users).
The users file (/etc/raddb/users) dictates how FreeRADIUS authenticates
users. You will need to ensure that there is a Default entry in the users file
similar to the one shown below. Please note that this is only an example of the
type of entry needed. If you already have a default entry, please let your iPass
technician know what it is before modification:
**Please do not add this if you already have a DEFAULT configuration declared
in your users file**
    DEFAULT Auth-Type = Local
When you have finished editing the users file, save and exit the file.
5) Add the IPASS/ realm entry to your proxy.conf file
(/etc/raddb/proxy.conf).
To complete this configuration and allow FreeRADIUS to proxy iPass traffic to
your NetServer, you must add an entry for the IPASS/ prefix realm to your
proxy.conf file (/etc/raddb/proxy.conf). The following entry can be added to this file
anywhere within the list of realm entries, provided it is placed above the
DEFAULT realm entry.
    realm IPASS {
        type = radius
        authhost = IP.Address.of.NetServer:11812
        accthost = IP.Address.of.NetServer:11813
        secret = mysecret
        nostrip
    }
NOTE: The shared secret listed in the entry above must be the same value as
the secret of the NetServer found in the /usr/ipass/raddb/clients file of your
NetServer software.
When you have finished editing proxy.conf, save and exit the file.
6) When complete, restart your FreeRADIUS to allow these changes to take
effect.
Regards,
Walter Perris
Senior Network Engineer
Curanet N.V.
----- Original Message -----
From: Alan DeKok
To: [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 12:39 PM
Subject: Re: Freeradius and IPASS
Bart Van Daal <[EMAIL PROTECTED]> wrote:
> just a small question:
> Do I need to configure anything special to proxy to an Ipass netserver?

Read 'radiusd.conf'. Look for the word "IPASS"

Alan DeKok.
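Added example, not part of the original message or of FreeRADIUS: a small check for the mistakes steps 2, 3 and 5 above warn about (IPASS listed after suffix, the IPASS realm placed below DEFAULT, and the guide's placeholder secret left in place). The function names, the sample text and the address 192.0.2.10 are constructed for illustration, and the parser assumes flat sections without nested braces.

```python
import re

def _strip(text):
    return re.sub(r"#.*", "", text)  # drop comments before parsing

def section_modules(conf, name):
    """Module names, in order, inside a flat `name { ... }` section."""
    m = re.search(r"^\s*%s\s*\{([^}]*)\}" % re.escape(name), _strip(conf), re.M)
    return m.group(1).split() if m else []

def realm_blocks(proxy):
    """[(realm name, {key: value})] in the order the realms appear."""
    return [(m.group(1), dict(re.findall(r"(\w+)\s*=\s*(\S+)", m.group(2))))
            for m in re.finditer(r"^\s*realm\s+(\S+)\s*\{([^}]*)\}", _strip(proxy), re.M)]

def check(radius_conf, proxy_conf, realm="IPASS"):
    """Return a list of problems; an empty list means the layout matches the guide."""
    problems = []
    for sec in ("authorize", "preacct"):
        mods = section_modules(radius_conf, sec)
        if realm not in mods:
            problems.append(f"{sec}: {realm} not listed")
        elif "suffix" in mods and mods.index(realm) > mods.index("suffix"):
            problems.append(f"{sec}: {realm} listed after suffix")
    blocks = realm_blocks(proxy_conf)
    names = [n for n, _ in blocks]
    if realm not in names:
        return problems + [f"proxy.conf: realm {realm} missing"]
    if "DEFAULT" in names and names.index(realm) > names.index("DEFAULT"):
        problems.append(f"proxy.conf: realm {realm} below DEFAULT")
    if dict(blocks)[realm].get("secret", "mysecret") == "mysecret":
        problems.append("proxy.conf: secret missing or still the guide's placeholder")
    return problems

# Constructed sample input containing each mistake once.
RADIUS_BAD = """authorize { preprocess suffix IPASS files }
preacct { suffix files preprocess }"""
PROXY_BAD = """realm DEFAULT { type = radius authhost = LOCAL accthost = LOCAL }
realm IPASS {
    type = radius
    authhost = 192.0.2.10:11812
    accthost = 192.0.2.10:11813
    secret = mysecret
    nostrip
}"""

if __name__ == "__main__":
    for problem in check(RADIUS_BAD, PROXY_BAD):
        print(problem)
```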