How to proxy password from TTLS

Alan DeKok aland at deployingradius.com
Fri Nov 2 14:58:39 CET 2007


Wolfgang Burger wrote:
> I´m trying to add support for EAP-TTLS and I want to proxy the username
> and password of the inner TTLS session to another Radius-Server.

  That should work.

> Client doing TTLS --> FreeRADIUS --> 3rd-Party Backend-Server with
> database of Users
> 
> Forwarding of the packets is working.
> The Access-Request that FreeRADIUS sends to the backend-server uses the
> username entered at the client, but no password at all.
> If i add
>     User-Password := "validpassword"
> to preproxy_users, where "validpassword" is the valid password for the
> given username on the Backend-Server, everything works.

  Does the tunnel contain a clear-text password?  Debug mode will show this.

> What do I have to change, to use the password transmitted in the
> TTLS-Tunnel? Or do I have fundamental errors in my idea of how to do this?

  Run the server in debugging mode to see what it's doing, and post the
output here.

  Alan DeKok.



More information about the Freeradius-Users mailing list