EAP-TTLS/PAP and proxying

Samuel.Degrande Samuel.Degrande at lifl.fr
Mon Dec 5 23:34:16 CET 2005


Alan DeKok wrote:
> Samuel Degrande <Samuel.Degrande at lifl.fr> wrote:
> 
>>I use EAP-TTLS/PAP between a 802.1X supplicant and a radius
>>server. I would like to proxy the authentication to an other
>>radius server. So, is it possible to 'decapsulate' the authentication
>>protocol from EAP on the first radius server, and only send
>>user-name/user-password attributes to the central radius server ?
> 
> 
>   Yes.  Put the following into your "users" file to proxy the inner
> session for user "bob".
> 
> bob	FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
> 

After an observation of the radius output in debug mode, I did find that
FreeRADIUS-Proxied-To attribute (which is not documented, isn't it ?),
but I was not sure if it was the good way to do it.

Thanks for your reply (and thanks for freeradius :-) )





More information about the Freeradius-Users mailing list