Configuring proxy services

RADIUS proxy configuration information is located in the proxy file in the /etc/radius directory.

The initial proxy file contains example entries. There are three fields in the proxy file: Realm Name, Next Hop IP address, and Shared Secret.

To configure proxy rules, select from the following::

    Configure Proxy Rules

    List all Proxy
    Add a Proxy
    Change / Show Characteristics of a Proxy
    Remove a Proxy

Select the List all Proxy option to read the /etc/radius/proxy file and display the three fields in column format. The following are the column headers::

    realm_name   next_hop_address  shared_secret

Select Add a Proxy to display the following screen. Information is retrieved from the panel and the data is appended to the bottom of the /etc/radius/proxy file.

Each hop of the proxy chain uses the shared secret between the two RADIUS servers. The shared secret is contained in the /etc/radius/proxy file. The shared secret should be unique per proxy hop in the chain.

For more information about creating shared secrets, see the /etc/radius/clients file.

To add a proxy, select from the fields as shown below::

                 Add a Proxy
    *Realm Name                               []  (max 64 chars)
    *Next Hop IP address (dotted decimal)     [xx.xx.xx.xx]
    *Shared Secret                            []  (minimum 6, maximum 256 chars)

Selecting the Change/Show option displays a list of the realm names. The list is displayed in a pop-up screen and you must select a realm name.

The Remove a Proxy option displays a list of the realm names. The list is displayed in a pop-up screen and you must select a realm name. After a name is selected, a verification pop-up screen is displayed before the realm is removed.
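Because entries can also be edited directly in the /etc/radius/proxy file, the limits shown on the Add a Proxy panel and the one-secret-per-hop guidance can be checked after the fact. The following audit script is an added example, not part of the RADIUS server or the original documentation; it assumes whitespace-separated fields and ``#`` comment lines, and the sample entries are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample; assumes whitespace-separated fields and '#' comment lines.
SAMPLE_PROXY = """\
# realm_name   next_hop_address  shared_secret
branch.example   192.0.2.10     Tr7-qLm92x-wPz
partner.example  192.0.2.20     Tr7-qLm92x-wPz
lab.example      192.0.2.300    abc
"""

def audit_proxy(text):
    """Return sorted (line_number, message) findings for proxy-file text."""
    findings = []
    secret_lines = defaultdict(list)   # secret -> line numbers that use it
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            findings.append((lineno, "expected 3 fields, found %d" % len(fields)))
            continue
        realm, hop, secret = fields
        if len(realm) > 64:
            findings.append((lineno, "realm name longer than 64 chars"))
        try:
            ipaddress.IPv4Address(hop)
        except ValueError:
            findings.append((lineno, "next hop is not a dotted-decimal IPv4 address"))
        if not 6 <= len(secret) <= 256:
            findings.append((lineno, "shared secret length outside 6-256 chars"))
        secret_lines[secret].append(lineno)
    # Report only where a secret repeats; never echo the secret itself.
    for lines in secret_lines.values():
        for lineno in lines[1:]:
            findings.append((lineno, "shared secret reused from line %d" % lines[0]))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, message in audit_proxy(SAMPLE_PROXY):
        print("line %d: %s" % (lineno, message))
```
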

The following example is the proxy configuration information section of a radiusd.conf file::

    #------------------------------------------------------------------#
    #       PROXY RADIUS Information                                   #
    #                                                                  #
    #                                                                  #
    #   Proxy_Allow               :  ON or OFF. If ON, then the server #
    #                                can proxy packets to realms it    #
    #                                knows of and the following        #
    #                                fields must also be configured.   #
    #   Proxy_Use_Table           :  ON or OFF. If ON, then the server #
    #                                can use table for faster          #
    #                                processing of duplicate requests  #
    #                                Can be used without proxy ON, but #
    #                                it is required to be ON if        #
    #                                Proxy_Use_Table is set to ON.     #
    #   Proxy_Realm_name          :  This field specifies the realm    #
    #                                this server services.             #
    #   Proxy_Prefix_delim        :  A list of separators for parsing  #
    #                                realm names added as a prefix to  #
    #                                the username.  This list must be  #
    #                                mutually exclusive to the Suffix  #
    #                                delimiters.                       #
    #   Proxy_Suffix_delim        :  A list of separators for parsing  #
    #                                realm names added as a suffix to  #
    #                                the username.  This list must be  #
    #                                mutually exclusive to the Prefix  #
    #                                delimiters.                       #
    #   Proxy_Remove_Hops         :  YES or NO.  If YES, the server    #
    #                                will remove its realm name, the   #
    #                                realm names of any previous hops  #
    #                                and the realm name of the next    #
    #                                server the packet will proxy to.  #
    #                                                                  #
    #   Proxy_Retry_count         :  The number of times to attempt    #
    #                                to send the request packet.       #
    #                                                                  #
    #   Proxy_Time_Out            :  The number of seconds to wait     #
    #                                in between send attempts.         #
    #                                                                  #
    #------------------------------------------------------------------#
    Proxy_Allow               :   OFF
    Proxy_Use_Table           :   OFF
    Proxy_Realm_name          :
    Proxy_Prefix_delim        :   $/
    Proxy_Suffix_delim        :   @.
    Proxy_Remove_Hops         :   NO
    Proxy_Retry_count         :   2
    Proxy_Time_Out            :   3