eap\leap proxy

carnold at dancon.com carnold at dancon.com
Wed Nov 30 17:36:36 CET 2005

I would like to proxy leap authentication requests to a non-leap compatible
radius server. This is a feature of the Cisco ACS product that I was hoping
FreeRadius would be able to do.

I have eap\leap working with my lab wireless access point using the local
users file. I have a realm setup and can proxy pap, chap , and mschap
to a remote radius server.

What I would like to do is have FreeRadius perform the eap\leap
request locally, and proxy a chap or mschap(v2) request with username and
password ( only ) to a remote ( non-eap ) radius server.


1) Does the current FreeRadius download have this capability and I just
   to configure it correctly?

2) Has anyone done eap\leap proxy this way with any success ( or not ) with
   Do you have a code hack you can share?

3) [to the developers] In the processing  eap\leap authentication request
    the code does the username and password get decoded to plain text in a
    if authenticated to the local users file? C file and line number,

If I am not able to get this working, I am looking at having to purchase 10
of Cisco's ACS at $4K each. I would like to avoid the cost and provide
authentication at each of my facilities.

Any input is welcome, thanks in advance....

Chris Arnold
Network Manager & Systems Architect

This message (including any attachments) contains confidential 
and/or proprietary information intended only for the addressee.  
Any unauthorized disclosure, copying, distribution or reliance on 
the contents of this information is strictly prohibited and may 
constitute a violation of law.  If you are not the intended 
recipient, please notify the sender immediately by responding to 
this e-mail, and delete the message from your system.  If you 
have any questions about this e-mail please notify the sender 
Ce message (ainsi que les eventuelles pieces jointes) est 
exclusivement adresse au destinataire et contient des 
informations confidentielles. La copie, la communication ou la 
distribution du contenu de ce message sans l'accord prealable de 
l'expediteur sont strictement interdits et peuvent constituer un 
delit. Si vous n'etes pas destinataire de ce message, merci de le 
detruire et d'avertir l'expediteur. Si vous avez des questions se 
rapportant a ce courrier electronique, merci de bien vouloir 
l'expediteur immediatement.

More information about the Freeradius-Users mailing list