Terminate EAP-PEAP client connection at FreeRadius Proxy and proxy(forward) request as PAP

Alan DeKok aland at deployingradius.com
Fri Feb 1 09:10:11 CET 2008


Joakim Lindgren wrote:
> EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
> outer tunnel but it will not work.

  <sigh>.  Read the FAQ about "it doesn't work".

> A. If an incoming user conn. against the FreeRadius Server (Nr1) is
> belonging to "OTHER" (LOCAL) domain then
> the EAP-TTLS tunnel is ended and validated against the LDAP.
>
> B. If an incoming user conn. against the FreeRadius Server (Nr1) is
> belonging to "SECURSERVER" domain then
> the EAP-TTLS tunnel is ended and PAP is proxied to other Radius (Nr 2)

  This is pretty trivial to do in 2.0.1.  You can configure the policy
pretty much as you wrote it.

  Alan DeKok.



More information about the Freeradius-Users mailing list