...
RADIUS/TLS: Using radsecproxy as an add-on to an existing RADIUS server
Goals and Prerequisites
This section describes a trimmed-down installation of radsecproxy which enables it to augment any RADIUS
server with RADIUS/TLS transport. More precisely, with this setup radsecproxy will:
...
| Include Page | ||||
|---|---|---|---|---|
|
Sample configuration
Most of the radsecproxy configuration file is static. Therefore, a template configuration file is provided at http://www.eduroam.org/downloads/docs/eduroam-cookbook-scripts.zip. A detailed explanation of this configuration file follows, but if you are unwilling to read it all, the comments should make the configuration file almost self-explanatory and you can start and experiment with it right after the initial installation, which is explained below.
Detailed explanation of configuration
This section goes through the template radsecproxy.conf line by line and explains the meaning of each stanza.
...
| Include Page | ||||
|---|---|---|---|---|
|
Client definition and request forwarding
To accept requests from the RADIUS server on localhost, this server needs to be listed as a client. That server may either use IPv4 or IPv6 for its communication, so both variants are defined. If your system is not IPv6-enabled, simply delete the stanza about client ::1. The _LOCAL_SECRET_ must match the secret which you configured in your RADIUS server for the server catering the DEFAULT realm.
...