Proxy Radius Server
Hi , Which protocol is used to communicate between two radius servers? Regards, Riz. Piro Magic <[EMAIL PROTECTED]> wrote: (Sorry for my english :-) )Hi all, I have a little problem.I'd like to test my freeradius 1pre3 and I want toknow how to make it.I'd like to test VPN, dialup, and adsl accesses.What kind of test can I make ?I have freeradius 1pre3 on a RedHat9 machine and anCisco 5300 Access server.Thanx for all , have a good day.__Do you Yahoo!?New and Improved Yahoo! Mail - Send 10MB messages!http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers!
Re: Proxy Radius Server
radius :) - Original Message - From: Cool Man To: [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 10:31 AM Subject: Proxy Radius Server Hi , Which protocol is used to communicate between two radius servers? Regards, Riz. Piro Magic <[EMAIL PROTECTED]> wrote: (Sorry for my english :-) )Hi all, I have a little problem.I'd like to test my freeradius 1pre3 and I want toknow how to make it.I'd like to test VPN, dialup, and adsl accesses.What kind of test can I make ?I have freeradius 1pre3 on a RedHat9 machine and anCisco 5300 Access server.Thanx for all , have a good day.__Do you Yahoo!?New and Improved Yahoo! Mail - Send 10MB messages!http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!?Yahoo! Mail - 50x more storage than other providers!
Setting up a proxy radius server
I've just setup freeradius just using ./configure, make and make install. By the docs its setup to do proxy. In plain language what conf files need to be edited. I've edit client.conf and proxy.conf and can't get any proxying happening. Regards Stephen Petersen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting up a proxy radius server
"Stephen Petersen" <[EMAIL PROTECTED]> wrote: > By the docs its setup to do proxy. > In plain language what conf files need to be edited. clients.conf & proxy.conf > I've edit client.conf and proxy.conf and can't get any proxying happening. Try running it debug mode, as suggested in the FAQ, README, and INSTALL. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius as radius and proxy radius server
hi all, can freeradius work as a radius server and at the same time as a proxy radius server? if this is possible, has anyone found good links/resources on how to set this up? thanks. regards, marc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius as radius and proxy radius server
Hi Marc, > can freeradius work as a radius server and at the same time > as a proxy radius server? if this is possible, has anyone Yes. > found good links/resources on how to set this up? Have you read the docs that come with freeradius? Looked at the example configuration files? Done any searches of this list or google? Its not very difficult to set up, depending on the logic you wish to use to determine which requests to handle locally, and which requests to proxy. If you have more specific questions based on what you're trying to achieve, then the people on this list will be able to help you more easily... once you've had a go yourself ;-) Cheers, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting with a proxy radius server and primary server
Hello , In the past, i had one server radius and acounnting was configured . No problem No, I would like to have : Proxy radius (it just proxy all request to other radius) -> Primary radius -> Secondary radius -> Default Radius In order to setup the proxy radius on the same pc,i have paste all my conf file of the server radius in a new directory and i have just modify : raddbdir to change the directory of the files for my new proxy radius. Nothing else to change for accounting ? The prmary radius is already started and when i launch the proxy radius (with radiusd -d /proxy -x), it tells me that permission was denied on users, db.daily etc... there are all permissions on these files. Why ? When i comment all the line of accounting, it works fine ! i would like to know why it d'oenst work with accounting ? What i have to do in order to have all accounting ? make accounting on proxy or accounting on primary ? help me Thanks welcome for your suggestion Nans delrieu Accédez au courrier électronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34/mn) ; tél : 08 92 68 13 50 (0,34/mn) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy Radius server with primary and secondary don't work, Strange ?
Hello, I want to have a secondary server radius if primary fall.
I think my configuration is good but when I use radtest, the proxy
radius server doenst't proxy the request to the secondary radius server.
In order to test my configuration the primary server doesn't exist (
it's a pc but not a radius server)
After lots of requests, the verbose mode give me that :
marking authentication server primary.domain.com:1645 for realm
domain.com deadSending Access-Reject of id 94 to 127.0.0.1:32770
after that it's send me an Acess Reject ??
The proxy radius server configuration doesn't send request to secondary
server ??
strange ?
Is there another place to notify to proxy to send request to secondary
server ?
I don't understand why this configuration doens't work ??
My configuration :
Server Proxy radius
clients.conf
client 127.0.0.1 { #Server Proxy Radius (proxy.enseeiht.fr)
secret= rad1
shortname = proxy
nastype = other
}
client primary.domain.com { # Serveur Primaire
secret = rad1
shortname = primary
nastype= other
}
client secondary.domain.com { # Serveur Secondaire
secret = rad1
shortname = secondary
nastype= other
}
proxy.conf
proxy server {
synchronous = no
retry_delay = 5
dead_time = 2 #(I have tested other values but didn't work)
default_fallback = yes
post_proxy_authorize = yes
}
realm domain.com {
type = radius
authhost = primary.domain.com:1812
accthost = primary.domain.com:1813
secret = primaryradius
}
realm domain.com {
type = radius
authhost = secondary.domain.com:1812
accthost = secondary.domain.com:1813
secret = secondaryradius
}
etc
Configuration Primary Server
clients.conf
client 127.0.0.1 { #Server Primare Radius
secret= primaryradius
shortname = primary
nastype = other
}
client proxy.domain.com { # Serveur Proxy
secret= primaryradius
shortname = proxy
nastype = other
}
proxy.conf
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Configuration Secondary Server
clients.conf
client 127.0.0.1 { #Server Primare Radius
secret = secondaryradius
shortname = secondary
nastype= other
}
client proxy.domain.com { # Serveur Proxy
secret = secondaryradius
shortname = proxy
nastype= other
}
proxy.conf
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
___[ Pub ]
Envie de discuter gratuitement avec vos amis ?
Téléchargez Yahoo! Messenger http://yahoo.ifrance.com
_
Envie de discuter gratuitement avec vos amis ?
Téléchargez Yahoo! Messenger http://yahoo.ifrance.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy Radius server with primary and secondary don't work, Strange ?
Nans Delrieu wrote:
Hello, I want to have a secondary server radius if primary fall.
I think my configuration is good but when I use radtest, the proxy
radius server doenst't proxy the request to the secondary radius
server.
It will mark the server as dead and send the NEXT request to the fallback.
In order to test my configuration the primary server doesn't exist (
it's a pc but not a radius server)
Ok, should bo ok to test.
After lots of requests, the verbose mode give me that :
marking authentication server primary.domain.com:1645 for realm
domain.com deadSending Access-Reject of id 94 to 127.0.0.1:32770
after that it's send me an Acess Reject ??
Yes, that's how it works.
Try again and it should then proxy to the secondary.
The proxy radius server configuration doesn't send request to
secondary server ??
strange ?
Try again after it marked primary as dead.
Is there another place to notify to proxy to send request to secondary
server ?
No, only in proxy.conf
I don't understand why this configuration doens't work ??
My configuration :
Server Proxy radius
clients.conf
client 127.0.0.1 { #Server Proxy Radius (proxy.enseeiht.fr)
secret= rad1
shortname = proxy
nastype = other
}
Ok, so you can use radtest as client
client primary.domain.com { # Serveur Primaire
secret = rad1
shortname = primary
nastype= other
}
Your homeserver primary.domain.com should NOT be listed as a client here!
client secondary.domain.com { # Serveur Secondaire
secret = rad1
shortname = secondary
nastype= other
}
Your homeserver secondary.domain.com should NOT be listed as a client here!
proxy.conf
proxy server {
synchronous = no
retry_delay = 5
dead_time = 2 #(I have tested other values but didn't work)
default_fallback = yes
post_proxy_authorize = yes
}
dead_time is the amount of time (in seconds) that the server is marked as
dead, so give it a higher value like 120
If you send an auth request and the primary is down, you'll get an
Access-Reject. Then try again within those 120 seconds and it should proxy
to the secondary.
realm domain.com {
type = radius
authhost = primary.domain.com:1812
accthost = primary.domain.com:1813
secret = primaryradius
}
realm domain.com {
type = radius
authhost = secondary.domain.com:1812
accthost = secondary.domain.com:1813
secret = secondaryradius
}
Looks ok.
etc
Configuration Primary Server
clients.conf
client 127.0.0.1 { #Server Primare Radius
secret= primaryradius
shortname = primary
nastype = other
}
client proxy.domain.com { # Serveur Proxy
secret= primaryradius
shortname = proxy
nastype = other
}
proxy.conf
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Should be ok.
Configuration Secondary Server
clients.conf
client 127.0.0.1 { #Server Primare Radius
secret = secondaryradius
shortname = secondary
nastype= other
}
client proxy.domain.com { # Serveur Proxy
secret = secondaryradius
shortname = proxy
nastype= other
}
proxy.conf
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm domain.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Should be ok
Run the proxyserver with -X to see what it's doing.
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt -
Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot
service op www.telenet.be/hotspots
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to define freeradius as a proxy radius server and not a home server
helloI want to use Proxy Freeradius features.I have 2 proxy with 2 server A & B (primary).Home Radius A <-> Proxy A <---> Proxy B <-> Home Radius Bwhen i use radtest testuser password proxya auth secret. It works !but when i use radtest testuser password proxya:1814 auth secret. Proxy A tell me : "Ignoring request from unknown home server130.130.93.13:32779"When i would like to use attr_rewrite in order to modify packets fromProxy B, Proxy A see packet "proxy_reply" as reply. NOT PROXY_REPLY !! I think proxy A see Proxy B as a simple Home server.HOW to declare Proxy A and PROXY B as PROXY RADIUS SERVER and not home server.please help me
how to configure a proxy radius server but the username doesn't have any realm ?
Hi,
I want to configure a proxy radius server and the username doesn't have
any realm, just like 'tom'.
So I configure realm NULL section in proxy.conf file, but it doesn't
work, the error message in radiusd terminal when redius server received the
accounting message:
Proxying request 0 to home server 218.83.175.155 port 1813
The message can't be proxy to myProxyPool_1, I don't understand why the
home server become 218.83.175.155.
Can anybody help me? How to configure it ?
proxy.conf file:
#home server 1
home_server myProxyServer_1 {
type = auth+acct
ipaddr = 192.168.1.111
port = 1812
secret = testing123
require_message_authenticator = no
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 10
num_answers_to_alive = 3
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
#home server 2
home_server myProxyServer_2 {
type = auth+acct
virtual_server = localserver
}
# home server pool 1
home_server_pool myProxyPool_1{
type = fail-over
home_server = myProxyServer_1
home_server = myProxyServer_2
}
#realm
realm chuanwei.com {
auth_pool = myProxyPool_1
acct_pool = myProxyPool_1
nostrip
}
realm NULL {
authhost= myProxyPool_1
accthost= myProxyPool_1
secret = testing123
}
Freddy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to forward a request rejected by a proxy RADIUS server to another LDAP server?
I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server in `radiusd.conf' and they work well. I want to forward those requests rejected by the proxy RADIUS server to the LDAP server and re-authenticate them again. Can I do that in FreeRADIUS? And how? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to configure a proxy radius server but the username doesn't have any realm ?
freddychu wrote: > Hi, >I want to configure a proxy radius server and the username doesn't have > any realm, just like 'tom'. >So I configure realm NULL section in proxy.conf file, but it doesn't > work, the error message in radiusd terminal when redius server received the > accounting message: >Proxying request 0 to home server 218.83.175.155 port 1813 >The message can't be proxy to myProxyPool_1, I don't understand why the > home server become 218.83.175.155. The server does not invent random IP addresses for home servers. If that IP address shows up, it is because you put it into a configuration file. Go find that address, and fix the configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to forward a request rejected by a proxy RADIUS server to another LDAP server?
Clark J. Wang wrote: > I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server > in `radiusd.conf' and they work well. I want to forward those requests > rejected by the proxy RADIUS server to the LDAP server and > re-authenticate them again. Can I do that in FreeRADIUS? And how? Can't be done. The main reason it hasn't been implemented is that many Radius auth algorithms e.g. EAP involve multiple exchanges. You can't just "break into" the middle of a conversation. In principle it could be done for PAP, and I think CHAP and MS-CHAP. At the moment the easiest way would be to use an Exec-Program and radclient to issue the request to the proxy, and if it fails do the LDAP. Frequently when people ask to do this it's because most of their users live in a remote server but some live in an LDAP server. If that's the case, you can solve the problem other ways. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to forward a request rejected by a proxy RADIUS server to another LDAP server?
On 6/5/07, Phil Mayers <[EMAIL PROTECTED]> wrote: Clark J. Wang wrote: > I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server > in `radiusd.conf' and they work well. I want to forward those requests > rejected by the proxy RADIUS server to the LDAP server and > re-authenticate them again. Can I do that in FreeRADIUS? And how? Can't be done. The main reason it hasn't been implemented is that many Radius auth algorithms e.g. EAP involve multiple exchanges. You can't just "break into" the middle of a conversation. In principle it could be done for PAP, and I think CHAP and MS-CHAP. At the moment the easiest way would be to use an Exec-Program and radclient to issue the request to the proxy, and if it fails do the LDAP. Frequently when people ask to do this it's because most of their users live in a remote server but some live in an LDAP server. If that's the case, you can solve the problem other ways. Thank you very much :-) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to define freeradius as a proxy radius server and not a home server (listening on proxy :1814 ??
hello I want to use Proxy Freeradius features. I have 2 proxy with 2 server A & B (primary). Home Radius A <-> Proxy A <---> Proxy B <-> Home Radius B when i use radtest testuser password proxya auth secret. It works ! but when i use radtest testuser password proxya:1814 auth secret . Proxy A tell me : "Ignoring request from unknown home server 130.130.93.13:32779" When i would like to use attr_rewrite in order to modify packets from Proxy B, Proxy A see packet "proxy_reply" as reply. NOT PROXY_REPLY !! I think proxy A see Proxy B as a simple Home server. HOW to declare Proxy A and PROXY B as PROXY RADIUS SERVER and not home server. please help me ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
