The Moonshot project has been discontinued, and is no longer maintained by Jisc.

The information in this Wiki is kept merely for reference.

If you are interested in taking over the project, please contact us at trustandidentity@jisc.ac.uk.



Creating a static Moonshot connection to a Moonshot IdP is straightforward:

Create a new file in /etc/raddb/sites-available called mainidp_localdomain:

/etc/raddb/sites-available/mainidp_localdomain
home_server mainidp_localdomain_server1 {
    ipaddr = 192.168.213.24
    port = 2083
    type = auth
    secret = radsec
    proto = tcp
    status_check = none
 
    tls {
        private_key_password = whatever
        private_key_file = ${certdir}/mainidp_localdomain.pem
        certificate_file = ${certdir}/mainidp_localdomain.pem
        ca_file = ${cadir}/mainidp_ca.pem
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random
        fragment_size = 8192
        ca_path = ${cadir}
        cipher_list = "DEFAULT"
    }
}
 
home_server_pool mainidp_localdomain_authpool {
    home_server = mainidp_localdomain_server1
    home_server = ...
}
 
realm mainidp_realm {
    auth_pool = mainidp_localdomain_authpool
    nostrip
}
 
#  Deprecated configuration (still accepted for the time being)
#realm mainidp_realm {
#    authhost = mainidp_localdomain_server1
#    secret = radsec
#    nostrip
#}

Symlink the file into /etc/raddb/sites-enabled to enable it.

Store the client certificate (client.pem) and the ca.pem from the identity provider in /etc/raddb/certs, naming them mainidp_localdomain.pem and mainidp_ca.pem respectively.

Make sure they are readable by the radiusd group. The client file also holds the private key, so it should not be readable by anyone else.

Restart the server.

The static connection is now enabled.
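The steps above, carried out by a POSIX shell script, as an added example that is not part of the original wiki page or of the Moonshot project. It symlinks the site into sites-enabled, installs the two PEM files under the names the home_server tls {} block references with mode 0640 and the radiusd group, checks the result, and validates the configuration before restarting. The configuration root (RADDB), the group (RADIUS_GROUP) and the "radiusd" service name are assumptions to adjust for your distribution.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: performs the steps for
# the mainidp_localdomain site. RADDB, RADIUS_GROUP and the service name are
# assumptions; override them for your distribution.
set -eu

RADDB="${RADDB:-/etc/raddb}"              # FreeRADIUS config root (assumed)
RADIUS_GROUP="${RADIUS_GROUP:-radiusd}"   # group radiusd runs as (from the page)
SITE="mainidp_localdomain"

# Step 1: enable the site by symlinking it from sites-available into
# sites-enabled, the way the stock FreeRADIUS sites are enabled.
enable_site() {
    site="$1"
    if [ ! -f "$RADDB/sites-available/$site" ]; then
        echo "no such site: $RADDB/sites-available/$site" >&2
        return 1
    fi
    mkdir -p "$RADDB/sites-enabled"
    ln -sf "../sites-available/$site" "$RADDB/sites-enabled/$site"
}

# Step 2: copy client.pem (certificate plus private key) and the IdP's ca.pem
# into certs/ under the names the home_server tls {} block references.
# The client file carries a private key, so it is made readable by the
# owner and the radiusd group only (0640), never world-readable.
install_certs() {
    client_pem="$1"
    ca_pem="$2"
    mkdir -p "$RADDB/certs"
    cp "$client_pem" "$RADDB/certs/$SITE.pem"
    cp "$ca_pem"     "$RADDB/certs/mainidp_ca.pem"
    chgrp "$RADIUS_GROUP" "$RADDB/certs/$SITE.pem" "$RADDB/certs/mainidp_ca.pem"
    chmod 0640            "$RADDB/certs/$SITE.pem" "$RADDB/certs/mainidp_ca.pem"
}

# File mode in octal: GNU stat first, BSD stat as the fallback.
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Step 3 check: the symlink resolves to a real file and both PEM files are
# present with mode 0640. Returns non-zero on the first problem found.
check_site() {
    [ -L "$RADDB/sites-enabled/$SITE" ] || return 1
    [ -f "$RADDB/sites-enabled/$SITE" ] || return 1
    for f in "$RADDB/certs/$SITE.pem" "$RADDB/certs/mainidp_ca.pem"; do
        [ -f "$f" ] || return 1
        [ "$(file_mode "$f")" = "640" ] || return 1
    done
}

# Step 4: validate the configuration (radiusd -C) before restarting, so a
# typo in the new site file does not take the proxy down. The unit name
# "radiusd" is an assumption; Debian-based systems use "freeradius".
restart_radiusd() {
    radiusd -C -d "$RADDB"
    systemctl restart radiusd
}

# Usage: sh enable_mainidp.sh apply /path/to/client.pem /path/to/ca.pem
if [ "${1:-}" = "apply" ]; then
    enable_site "$SITE"
    install_certs "$2" "$3"
    check_site
    restart_radiusd
fi
```

The check function is worth running on its own after any later change to the certs directory: a package upgrade or a careless cp can leave the client key world-readable without the server complaining.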
