Is it possible to terminate EAP/Authentication on an entirely different radius box through freeradius?
Max Palatnik
mpalatnik at wustl.edu
Fri Jul 10 21:09:05 CEST 2009
Thanks for the quick reply and your help. Setting up IAS/NPS is not a
problem. Assuming this is set up on the AD box, can we simply terminate
PEAP type connections or connections for a certain realm at their
IAS/NPS instead of at radiusd?

That is to say, all we want freeradius to do is recognize a certain
trigger and simply send the connection to IAS/AD for the entire
authentication and authorization process. We do not want to use samba
and ntlm_auth if such a thing is feasible for TTLS/MSCHAP; we simply
want the entire radius access-request from the NAS to go through to
their IAS from us.

Sincerely,
Max

Ivan Kalik wrote:
>> What we are wondering is if it's possible to still have requests come
>> through to our freeradius box, and instead of providing the certificate
>> and proxying the contents of the inner tunnel to the AD box.. if its
>> possible to simply proxy the entire request, PEAP/MSCHAP and all
>> directly to their AD servers? They are hesitant to allow our freeradius
>> box to join the domain, and if it's doable, a workaround would be the
>> preferred route.
>>
>
> No, domain controller is not a radius server. They would need to set up
> IAS. Freeradius can proxy to that thing.
>
> Ivan Kalik
> Kalik Informatika ISP
>
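
The realm-triggered proxying asked about above, sketched as a FreeRADIUS 2.x `proxy.conf` fragment. This is an added example, not configuration posted in the thread; the realm `ad.example.edu`, the address `192.0.2.10`, the secret and the names `nps_ad` / `nps_pool` are placeholders.

```conf
# proxy.conf (FreeRADIUS 2.x syntax) -- illustrative values only

# The IAS/NPS server that will terminate EAP. It must list this
# FreeRADIUS host as a RADIUS client with the same shared secret.
home_server nps_ad {
        type   = auth
        ipaddr = 192.0.2.10        # placeholder (documentation range)
        port   = 1812
        secret = CHANGE_ME         # placeholder; use a long random value
        # Assumption: the home server does not answer Status-Server
        # probes, so liveness checks are disabled.
        status_check = none
}

home_server_pool nps_pool {
        type        = fail-over
        home_server = nps_ad
}

# The "trigger": any User-Name of the form user@ad.example.edu.
# For PEAP/TTLS this is the *outer* identity, so supplicants must send
# the realm there (an anonymous outer identity still needs the suffix).
realm ad.example.edu {
        auth_pool = nps_pool
        nostrip                    # forward User-Name unchanged
}

# In the virtual server's authorize section, the realm module must run
# before eap so the request is marked for proxying before any local
# EAP handling starts:
#
#   authorize {
#           suffix
#           eap { ok = return }
#           ...
#   }
#
# Result: every Access-Request/Access-Challenge of the EAP conversation
# is relayed as-is. The TLS tunnel ends on the home server, so the
# supplicant validates the IAS/NPS certificate, and FreeRADIUS never
# sees the inner MSCHAPv2 exchange and needs no samba/ntlm_auth or
# domain membership.
```

Running `radiusd -X` during a test login shows whether the realm matched and whether local EAP was skipped for the proxied request.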