Hello, My overall plan is to authenticate from my Draytek 2600W ADSL router to a RSA ACE/Server which provides one-time passwords using a hardware SecurID keyfob.
The RSA ACE/Server supports authentication via SecurID (UDP/5500) or via RADIUS, but the RADIUS server only supports PAP and EAP authentication (there is a good reason for this), whilst the Draytek only supports MS-CHAP. Doh! I can however authenticate fine from the Draytek 2600 to FreeRadius 0.9.3 which I'm running on a Sun Ultra 5. I'm very pleased with FreeRadius - it's also working very well with Wireless 802.1X / EAP authentication. I was hoping to use the Proxy feature of FreeRadius to take the authentication request from the Draytek (MS-CHAP) and pass it on to the RSA ACE/Server (PAP), but when proxying, it would only use the same authentication scheme as sent from the Draytek (i.e. MS-CHAP). Is there any way to proxy a request and change the authentiation type at the same time - so take a MS-CHAP request from the Draytek and proxy it on to the RSA ACE/Server as a PAP request?? As a complete aside (and not high on my list), I was able to compile 0.9.3 OK, but couldn't compile 1.0.0pre1 at all - failed whilst compiling md4.c. Is this a common fault? I've not spotted anything on the lists about this. P.S. The RSA ACE/Server is also running on the Sparc 5. I'm running FreeRadius on UDP/1812 and RSA ACE/Server RADIUS on UDP/1645. If this fails, I do know that I can use Funk Proxy because it will take the MS-CHAP RADIUS request and forward that as a SecurID (UDP/5500) request to the ACE/Server. I'd rather use open source software though as I prefer the open development model (and would hope to contribute back one day). Thanks in advance. Simon Bond [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
