Proxy EAP-TLS as non-EAP
Alan DeKok
aland at deployingradius.com
Tue Apr 27 12:01:20 CEST 2010
Alok Shingala wrote:
> I am trying to setup FreeRadius server to handle EAP-TLS authentication
> with a WiMAX ASN GW.
> I have another Radius server which does not support EAP-TLS but stores
> the WiMAX QoS attribute values that need to be assigned to the user
> (user is identified by Calling-Station-ID).
> I have been going through all post archive for few days but have NOT
> been able to find a thread that directly answers my question.
>
> 1. How can I proxy the EAP-TLS request to a radius server which does not
> support EAP ? (I only need the Radius Attributes in the outer tunnel)
You'll need to run "radclient" in the "post-auth" section, as an
external program. This will be complicated, difficult, fragile, and
likely to not work at all.
i.e. you're better off exporting the WiMAX QoS data from the other
RADIUS server into a real database, and then using that. It's much
simpler and easier to manage.
Alan DeKok.
More information about the Freeradius-Users
mailing list