Author Topic: Endian Proxy with RADIUS Server  (Read 17491 times)
uaccalogo
« on: Thursday 27 February 2014, 11:53:17 am »


Has anyone ever configured the proxy service with Endian authentication with RADIUS server?
I'm trying to set it up but with no good results.
Any help is very much appreciated!!

Regards.
Ennio
dda
« Reply #1 on: Friday 28 February 2014, 01:49:16 am »

Let me know if you get it done, I actually gave up and went with LDAP but I would like to get Radius working.
kikilinux
« Reply #2 on: Sunday 02 March 2014, 09:08:03 pm »

Me too.
If anybody can configure RADIUS, please don't forget me.

best
uaccalogo
« Reply #3 on: Tuesday 04 March 2014, 01:58:45 am »

After spending some nights, I found a solution for using the Endian proxy with RADIUS authentication.
I manually modified the file "/etc/squid/squid.conf.tmpl", adding two missing variables that identify the RADIUS users query, and another one that authorizes these users, as follows.



#end if
#if $AUTH_METHOD == "radius"
auth_param basic program ${LIB_EXEC_DIR}/basic_radius_auth -h ${RADIUS_SERVER} -p ${RADIUS_PORT}#if $RADIUS_IDENTIFIER != "" then " -i " + $RADIUS_IDENTIFIER else ""# -w ${RADIUS_SECRET}
auth_param basic children ${AUTH_CHILDREN}
auth_param basic realm ${AUTH_REALM}
auth_param basic credentialsttl ${AUTH_CACHE_TTL} minutes
    #if $AUTH_IPCACHE_TTL != "0"

authenticate_ip_ttl ${AUTH_IPCACHE_TTL} minutes
    #end if

    #for $rule in $RULES
        #if $rule.auth == 'user'
acl ${rule.for_} proxy_auth REQUIRED
        #elif $rule.auth == "group"
acl ${rule.for_} proxy_auth REQUIRED
        #end if
    #end for

#  MODIFIED BY ME - START

acl for_inet_users proxy_auth REQUIRED

#  MODIFIED BY ME - STOP



Go ahead and identify this part:


# http access to squid
## local machine has no restrictions
http_access allow   from_localhost
## GUI admin if local machine connects
http_access allow   from_green to_green_interface to_http_port
http_access allow   from_green to_green_interface to_https_port
http_access allow   CONNECT from_green to_green_interface to_https_port

#  MODIFIED BY ME - START

http_access allow   for_inet_users

#  MODIFIED BY ME - STOP

Save the file.
Now go into the Proxy options and under authentication select "RADIUS"; remember to fill out the REALM name authentication with the FQDN name of your domain.
Put in your RADIUS IP address, port, identifier and secret code.
Save.
Create rules in the NAP server (I use Windows 2008 Server).

And all works for me.

Ennio
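
Added example, not part of the post above and not Endian's own code: a small lint for the rendered squid.conf that reports three things this template change can cause, namely an http_access rule naming an ACL that was never defined, a proxy_auth ACL with no auth helper configured before it, and the RADIUS shared secret passed with -w on the helper command line. Both sample configs are constructed (helper path, address, identifier and secret are placeholders), and the second one assumes the added acl line sits inside the "#if $AUTH_METHOD" block while the added http_access line does not.

```python
# Added example (not from the thread): lint a rendered squid.conf.
# Both samples are constructed; helper path, address and secret are placeholders.
RADIUS_RENDER = """\
auth_param basic program /usr/lib/squid/basic_radius_auth -h 192.0.2.10 -p 1812 -i efw -w PLACEHOLDER
auth_param basic realm example.test
acl from_localhost src 127.0.0.1/32
acl for_inet_users proxy_auth REQUIRED
http_access allow from_localhost
http_access allow for_inet_users
"""

# Assumption: with another AUTH_METHOD the template's "#if" block is skipped,
# so the acl line added inside it is missing while the http_access line stays.
OTHER_RENDER = """\
acl from_localhost src 127.0.0.1/32
http_access allow from_localhost
http_access allow for_inet_users
"""

BUILTIN_ACLS = {"all"}  # assumption: only "all" is treated as predefined here


def lint_squid_conf(text):
    """Return (line_no, code, detail) findings for a rendered squid.conf."""
    acls, helper_seen, findings = {}, False, []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tok:
            continue
        if tok[0] == "auth_param" and tok[2:3] == ["program"]:
            helper_seen = True
            if "-w" in tok[3:]:  # secret readable in config and process list
                findings.append((no, "SECRET_ON_CMDLINE", tok[3]))
        elif tok[0] == "acl" and len(tok) >= 3:
            acls.setdefault(tok[1], tok[2])
            if tok[2].startswith("proxy_auth") and not helper_seen:
                findings.append((no, "AUTH_ACL_WITHOUT_HELPER", tok[1]))
        elif tok[0] == "http_access":
            # ACLs must already be defined when the rule is parsed
            for name in (t.lstrip("!") for t in tok[2:]):
                if name not in acls and name not in BUILTIN_ACLS:
                    findings.append((no, "UNDEFINED_ACL", name))
    return findings


if __name__ == "__main__":
    for label, conf in (("radius", RADIUS_RENDER), ("other", OTHER_RENDER)):
        for finding in lint_squid_conf(conf):
            print(label, *finding)
```

Squid's own syntax check, squid -k parse, can be run on the generated file before restarting the proxy. basic_radius_auth also accepts -f with a configuration file, which keeps the secret out of the argument list.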





dda
« Reply #4 on: Tuesday 04 March 2014, 08:15:25 am »

Is inet_users the name of a group on your network or is it a term that originates in Endian?
uaccalogo
« Reply #5 on: Tuesday 04 March 2014, 09:07:35 am »

It's a "variable" originated by Endian.
dda
« Reply #6 on: Tuesday 04 March 2014, 09:39:44 am »

OK thanks, will try it out in a days. What do you use for your RADIUS server?
dda
« Reply #7 on: Tuesday 11 March 2014, 08:03:13 am »

OK, it appears this stopped the proxy from working even though I am running LDAP, so not recommended unless you are actually running RADIUS.