eap authentication and proxy radius
Alan DeKok
aland at ox.org
Wed Jan 18 01:15:29 CET 2006
Matteo Paoli <paoli at lenst.det.unifi.it> wrote:
> For example, the supplicant starts the eap-tls and the authentication is
> ok. But the server radius don't send Access Accept but it requests a new
> authentication (for example eap-md5). If also eap-md5 is ok, the
> supplicant is authenticated.
No. EAP doesn't work like that.
If that's what you want, I suggest PEAP with client certificates.
> It's possible that the first authentication is forwarded to remote
> radius server and the second one is resolved locally?
RADIUS doesn't work like that.
I have no idea what you're trying to do, but your proposed
implementation doesn't match how supplicants, EAP, or RADIUS works.
Alan DeKok.
More information about the Freeradius-Users
mailing list