How to proxy password from TTLS
Alan DeKok
aland at deployingradius.com
Sat Nov 3 00:47:28 CET 2007
Wolfgang Burger wrote:
> The output:
>
> mac339:~ system$ sudo radiusd -X
> FreeRADIUS Version 2.0.0-pre2, for host powerpc-apple-darwin8.10.0,
Hmm... grab the latest CVS version. It's now called 2.0.0-beta, and
it's much better than -pre2. See raddb/sites-available/, and eap.conf for
samples of virtual servers. You can control the inner-tunnel
authentication COMPLETELY separately from everything else.
...
> Sending Access-Request of id 196 to XXX.XXX.XXX.XXX port 1645
...
> EAP-Message = 0x0200000c0162757267657277
You've configured it to proxy the OUTER session, not the inner one.
    $ cd raddb/sites-enabled
    $ ln -s ../sites-available/inner-tunnel
    $ cd ..
    $ vi eap.conf
        (un-comment "virtual_server = inner-tunnel")
    $ vi sites-available/inner-tunnel

In the "authorize" section, add:

    update control {
        Proxy-To-Realm := "realm..."
    }

And probably delete everything else from the "authorize" section.
This will tell the server to proxy the inner tunnel section to somewhere
else...
> Thank you for your help Alan.
> I wish any commercial product would have a support as good as yours.
<g> Some may argue. But they're WRONG!
Alan DeKok.