terminate eap-ttls

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Jun 19 14:50:07 CEST 2013


Hi,

>    I have managed to setup a simple test using eapol_test as per
>    http://www.openlogic.com/wazi/bid/188089/Authenticating-Wi-Fi-Users-with-FreeRADIUS

thats a rather old...and random URL. why not look at official docs?

>    and it all works as described except that I have to use ca.pem instead of
>    server.pem. I think this might be because the example uses an older
>    version of FreeRadius?

yes, ca_cert="/home/carla/server.pem" is wrong. thats basically checking the RADIUS
server cert..not the CA....eapol_test wants to verify the CA with that config option.

>    What I really need to do is proxy the inner message to another Radius
>    server which will do the authentication but I cannot get this to work.
>    Whatever I try, I always see an EAP-Message avp heading off to the remote
>    server. I have looked at the proxy-inner-tunnel virtual server but am
>    unsure how to use it.

tell EAP to send the message to somewhere else other than inner-tunnel virtual server
the inner-tunnel virtual server is a local instance you need to proxy....so define a 
remote pool as per proxy.conf examples

alan


More information about the Freeradius-Users mailing list