Proxy PEAP to one Radius Server - EAP-TLS to another Radius Server
Matthew Newton
mcn4 at leicester.ac.uk
Fri Aug 14 10:46:40 CEST 2015
On Fri, Aug 14, 2015 at 09:33:08AM +0200, Basile Bluntschli wrote:
> thanks for your anwser would you mind sharing what "not nice" solution may
> could work?
Something along the lines of
look up tuple(calling-station-id, user-name) in cache/db
if found { proxy }
else
{
eap
if (eap-type == "EAP-TLS" (or EAP-Message regex etc)) {
add tuple(calling-station-id, user-name) to cache/db
reject
}
}
I'm sure you really don't want to do this. But you did ask.
I would
a) work out some other way to distinguish between the different
types of clients; or
b) do it all on one RADIUS server.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list