1. a vpn client contacts the cisco box
2. the cisco box forwards the request to the radius server for
authentication.
3. the radius server somehow proxies the request to the windows domain
server
4. the domain server reports back an ok to the radius server?
5. the vpn tunnel is set up.

What I can understand about freeRadius is that it is possible to proxy
authentication requests to other radius servers depending on domain names
and other fields. Is this correct?

Yes


Is this type of setup even doable with a Radius Server and if so could
anyone help me in the directions of some solid howto's as I'm fairly green
working with radius servers.

It's not very hard at all. See the "proxy.conf" file in the distribution. Broadly speaking, assuming they are all logging in as "[EMAIL PROTECTED]" you need:

modules {
  # other modules
  realm suffix {
    format = suffix
    delimiter = '@'
    ignore_default = yes
    ignore_null = yes
  }
}

authorize {
  preprocess
  suffix
}

...then in proxy.conf for each customer:

realm domain.com {
  type = radius
  authhost = the.auth.server.domain.com:1812
  accthost = the.acct.server.domain.com:1813
  secret = TheRadiusSecret
  nostrip
}


Hope someone has some input to this type of setup.

Regards
Christian

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
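
The routing decision that the suffix realm module and the proxy.conf realm entry in the reply above describe, as an added example (a simplified model written for this page, not FreeRADIUS code and not from the thread). It assumes the user name is split at the last delimiter and that realm names match exactly; `route`, `Realm` and the sample names are hypothetical.

```python
# Simplified model of suffix-realm proxy routing. Added example, not FreeRADIUS source.
from dataclasses import dataclass


@dataclass
class Realm:
    authhost: str          # where Access-Requests for this realm are proxied
    nostrip: bool = False  # True: forward User-Name unchanged, realm included


# Constructed table mirroring the "realm domain.com { ... nostrip }" entry above.
REALMS = {"domain.com": Realm("the.auth.server.domain.com:1812", nostrip=True)}


def route(user_name, realms=REALMS, delimiter="@",
          ignore_default=True, ignore_null=True):
    """Return (authhost or None, User-Name as forwarded). None = handled locally."""
    user, sep, realm_name = user_name.rpartition(delimiter)
    if not sep:
        # No delimiter in the name: only the NULL realm could match,
        # and ignore_null = yes disables that lookup.
        realm = None if ignore_null else realms.get("NULL")
        return (realm.authhost if realm else None, user_name)
    realm = realms.get(realm_name)  # assumption: exact match in this model
    if realm is None and not ignore_default:
        # Unknown realm: fall back to DEFAULT unless ignore_default = yes.
        realm = realms.get("DEFAULT")
    if realm is None:
        # Not proxied anywhere, so the request never leaves this server.
        return (None, user_name)
    return (realm.authhost, user_name if realm.nostrip else user)


if __name__ == "__main__":
    # Constructed sample logins.
    for name in ("alice@domain.com", "bob", "carol@other.example"):
        print(name, "->", route(name))
```

With `ignore_default` and `ignore_null` both set to yes, only names carrying an explicitly configured realm are proxied to a customer server; everything else stays on the local server.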