Hello,
I'm resending this question again with the hope that someone can respond.
-Original message-
From: freeradius-users-bounces+saleh.abuzid=hist...@lists.freeradius.org
[mailto:freeradius-users-bounces+saleh.abuzid=hist...@lists.freeradius.org] On
behalf of freeradius-users-requ...@lists.freeradius.org
Sent: 20 July 2010 20:37
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 63, Issue 75
Today's Topics:
1. proxy everyone (marco perugini)
2. Re: Redirection to the NAS of an external CoA request (newtownz)
3. Re: proxy everyone (Alan DeKok)
4. Re: Redirection to the NAS of an external CoA request (Alan DeKok)
5. Re: Acct-Interim-Interval not working (Alan DeKok)
6. AD groups in user file for dynamic Vlans (Saleh Abuzid)
--
Message: 1
Date: Tue, 20 Jul 2010 19:12:45 +0200
From: marco perugini m.perug...@4it.it
Subject: proxy everyone
To: freeradius-users@lists.freeradius.org
Message-ID: 4c45d90d.2070...@4it.it
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
hi list!
i'm setting up my freeradius architecture with a single proxy and
multiple servers;
here's my scenario:
freeradius server # 1 - my own server [realm local.net]
freeradius server # 2 - external server [realm ext.net]
freeradius proxy - i know everything about users i proxy towards my
server [# 1] but i don't know anything about users i proxy towards
external server [# 2]. i would proxy every_usern...@ext.net just to log
requests.
so this is my question for you: can i use rlm_realm to proxy an entire
realm without knowing the usernames just to trace auth/acct requests? or
i'm crazy at all?
i hope you'll understand my question. ;)
thanks,
duffy
--
Message: 2
Date: Tue, 20 Jul 2010 10:38:32 -0700 (PDT)
From: newtownz jean...@sympatico.ca
Subject: Re: Redirection to the NAS of an external CoA request
To: freeradius-users@lists.freeradius.org
Message-ID: 29216134.p...@talk.nabble.com
Content-Type: text/plain; charset=us-ascii
Here are a few lines from my cfg files:
In radiusd.conf:

    proxy_requests = yes
    $INCLUDE proxy.conf

In proxy.conf:

    #(this is where I want to forward)
    home_server aruba {
        type = coa
        ipaddr = xx.yy.110.148
        port = 1812
        src_ipaddr = xx.yy.110.128
        coa {
            # Initial retransmit interval: 1..5
            irt = 2
            # Maximum Retransmit Timeout: 1..30 (0 == no maximum)
            mrt = 16
            # Maximum Retransmit Count: 1..20 (0 == retransmit forever)
            mrc = 5
            # Maximum Retransmit Duration: 5..60
            mrd = 30
        }
        secret = testing123
    }
    home_server_pool to_aruba {
        home_server = aruba
    }

###Not really sure about the validity of the last 3 lines...
And now I'm puzzled as to how to set the Home-server-pool
as stated in recv-coa section of coa:

    recv-coa {
        # CoA Disconnect packets can be proxied in the same
        # way as authentication or accounting packets.
        # Just set Proxy-To-Realm, or Home-Server-Pool, and the
        # packets will be proxied.

I tried to find the way that it is done for authentication packet
and did not succeed.
Also I just want to know if my understanding about the whole
process of proxying the CoA is right:
The default server config file is of no use here, in the coa
I have to state somehow that I want the request to be forwarded
to the controller and in the proxy.conf file I have to create
this controller-server so that freeradius won't complain about
an unknown IP address.
Jean
Alan DeKok-2 wrote:
> newtownz wrote:
>> I'm trying to figure out how to send a CoA from freeRadius
>> to the NAS. The set-up I have involves two servers and an
>> Aruba controller.
>
> i.e. proxying CoA packets through FreeRADIUS to the NAS.
> While this should work, it's not a deeply tested scenario.
>
>> In this test set-up the client authenticates locally on the
>> freeRadius server. The server listens on port 3799 for a CoA request
>> that is generated from another computer, the freeRadius accepts
>> the request and sends an ACK to the generator but it does not
>> send anything to the NAS,
>
> Did you configure the server to proxy the