Hi all,
I have been using Cistron for several years (a modified version of Cistron)
and I am now attempting to try FreeRadius but I need to maintain the
existing Cistron installation for a time while migrating users to the new
server/radius.
I have never done proxying of any sort in radius so I wanted to pose a
couple questions here before I dig into learning radius all over again.
1) Does the radius proxying the request from the NAS to a remote server look
like a NAS to the remote server? I mean does the remote sever know about the
originating NAS or is the request rewritten so the proxy is acting like a
NAS?
2) If the proxy looks like a NAS to the remote server then I would assume
that the remote server needs a client entry/secret for the proxy and not the
NAS..is this correct?
3) If the remote server knows about the originating NAS (if #2 is false)
then the remote server needs a client entry/secret for the originating
NAS??...correct?
4) Does the remote server need to have anything configured regarding
proxying or does it see the request just as a normal NAS packet even though
it is passing through another radius?
Once I understand the above then I can debug a little more and determine why
my remote server (original, currently operating radius) mangles the
password...watching the log on the remote server I see the password
mangled...I know, I know...check the secrets..done it, but I am a little
confused as to what secret needs to be where...the proxy? NAS?...
If someone feels really helpful...;) The next thing is figuring out how to
proxy/not proxy requests.
I want to point my NAS's to the new FreeRadius installation and auth/acct
requests for users with a realm/domain such as [EMAIL PROTECTED], which should
be authed/acct'd on the new FreeRadius install (not stripped either,
usernames include the domain on this box), but normal user requests such as
"bob" should be proxied to the original Cistron installation.
I kind of have an idea on how that will work....but any info would be very
much appreciated.
Thanks,
-Dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
