Firs of all thanks for your reply. I'll try to be more specific.
On Feb 5, 2008 2:58 PM, Alan DeKok [EMAIL PROTECTED] wrote:
Jakub Morávek wrote:
I have not many experiences with radius, so my question may be
stupid. Has anybody experience with using freeradius (Version 1.1.3 in
Debian Sarge) as proxy for RSA RADIUS Server included in RSA
Authentication Manager 6.1?
Many people have tried this. It works.
I know, but I did not find anyone who discussed this problem.
When authentication request goest through freeradius proxy, RSA Manager
thinks that Agent host is my freeradius proxy instead of original host
which sent authenticate request.
I don't know what an Agent host is. FreeRADIUS *is* a RADIUS client
to the RSA manager.
In RSA terminology Agent hosts is host which sends authetication request.
For example, if you want to setup ssh-server to authenticate ssh login
against RSA, you have to add ssh-server (name and it's ip address) into
RSA database and setup list of users, which are allowed to log into
ssh-server.
If user1 tries to access ssh-server, ssh-server sends authentication
request to RSA.
RSA looks into database if user1 is allowed to log into ssh-server host.
In my case RSA rejects user1 access, because RSA thikns, that user1
wants to log into freeradius and there is no freeradius Agent host
defined in RSA database.
Does this mean, that freeradius process all attributes from
pre-proxy-detail-20080204 log, but sends only attributes, which are
shown in extended debug mode? If so, can anybody give me any advice how
can I configure freeradius to send more attributes?
To do... what?
My idea is that freeradius does not send Client-IP-Address attribute and
therefore RSA RADIUS determines that original host is freeradius proxy
server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Jakub
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html