freeradius proxy with 802.1x termination
John Gammons
jgammons at gmail.com
Wed Jan 6 18:22:19 CET 2010
After doing some more digging, I think I am catching onto this... somewhat.
It sounds like I need to have the Radius Proxy, authenticate the Outer
Identity of the EAP-TTLS session locally, while the Inner Identity is
proxied to the Home Radius server.
I have setup the Outer identity to be Anonymous at outer which is proxied
to LOCAL, while the Inner identity is @inner and proxied to Home
Radius. The problem is that when I run radiusd -x, I never see the
@outer message, so the @inner is getting forwarded as an EAP, instead
of only as a MS-CHAP-V2.
Anyone know what I am overlooking? I have a crude understanding of
this entire process at best, I know. :)
John
On Tue, Jan 5, 2010 at 12:08 PM, <jgammons at gmail.com> wrote:
> I am attempting to configure freeradius to terminate an 802.1x EAP-TTLS
> authentication, but forward/proxy the user/pass to another radius server. I
> can get it to standard proxy, and I can get it to function as a standalone
> radius server with EAP-TTLS, but can't seem to find any good information on
> how to do this....
>
> I assume someone has been there done that... any help would be greatly
> appreciated.
>
> Thanks,
> John
More information about the Freeradius-Users
mailing list