Problem: Proxy cleartext-password requests to remote IAS that only
Erling Paulsen
erling.paulsen at cc.uit.no
Sat Nov 3 14:16:45 CET 2007
Hi.
I have the following scenario:
[1]NAS <--> [2]FreeRADIUS <--> [3]IAS
[1] A NAS that supports RADIUS. It sends request-packets with
"User-Password" set
in cleartext.
[2] A FreeRADIUS server that proxies certain users (by realm) to another
server (IAS).
[3] An IAS (Windows RADIUS). The problem is that this server ONLY accepts
ms-chap1 or ms-chap2 session.
Is there a common way to bypass this problem, I cannot find any?
I was thinking it would be nice to let FreeRADIUS act as an
ms-chap session client on behalf of the NAS, and then in the end only
send ACCEPT/DENY back to the NAS instead of proxying directly to the IAS
(which denies cleartext logins). Is this possible in some way?
--
Erling Paulsen
More information about the Freeradius-Users
mailing list