On this page you will find instructions on how to set up a Moonshot RP Proxy on Debian 8 (Jessie) using FreeRADIUS. It also installs and configures the Trust Router client, if you are going to use the Trust Router infrastructure.
If your organisation already has a Moonshot Identity Provider, this can also be used as a Moonshot RP Proxy - you may not need to install a Moonshot RP Proxy as well.
Many of the steps outlined below are currently necessary, but we realise the install should be simpler. As the software matures and the packaging improves, we will to make this process easier with fewer manual steps required.
Install the Moonshot RP Proxy
We’re now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:
Configure the Moonshot RP Proxy
Next, we need to configure the Moonshot RP.
Moonshot UI credential store
We need to enable the freeradius user to use the Moonshot UI flatstore:
Set up the FreeRADIUS and Trust Router users
To allow FreeRADIUS to read a key database for dynamic realm support, we need to place the FreeRADIUS user and the Trust Router users into each other's groups to allow them to read shared files of each other.
Next we need to configure RadSec. We do this by creating a file at
Dynamic Realm supprt
We next need to tell your FreeRADIUS server to support dynamic lookup of realms.
Channel Binding Support
We next need to configure your FreeRADIUS server to support channel bindings.
Configure the Trust Router Client
If you are going to connect your Moonshot RP Proxy to a Trust Router network, then the next step involves configuring the Trust Router client software and configuring its connection to a Trust Router.
Now that we have the Moonshot RP Proxy installed and configured, we're now ready to test!
Testing FreeRADIUS locally
The first test is to check whether FreeRADIUS is working in its most basic manner.
Testing the Trust Router connection
To test the connection to Trust Router, we need to make sure the Temporary Identity Server (TIDS) software is running, then use the Temporary Identity Client (TIDC) software to simulate a connection to the Trust Router.
Testing using the Temporary Identity Client (TIDC)
At this point, you now have a Moonshot RP that is working and registered with a Trust Router. Now for the next steps:
Automatically start the software
To automatically start FreeRADIUS, issue the following command (as root):
The next step is to configure the Moonshot RP Proxy to Talk to Applications/Services.