Proxy PEAP to one Radius Server - EAP-TLS to another Radius Server

Basile Bluntschli basile.bluntschli at gmail.com
Fri Aug 14 11:39:05 CEST 2015


Hi Matthew

thanks, I try to go route a) then.

If I find a way of doing so I would post it here.

Thanks
Basile


2015-08-14 10:46 GMT+02:00 Matthew Newton <mcn4 at leicester.ac.uk>:

> On Fri, Aug 14, 2015 at 09:33:08AM +0200, Basile Bluntschli wrote:
> > thanks for your anwser would you mind sharing what "not nice" solution
> may
> > could work?
>
> Something along the lines of
>
>   look up tuple(calling-station-id, user-name) in cache/db
>   if found { proxy }
>   else
>   {
>     eap
>     if (eap-type == "EAP-TLS" (or EAP-Message regex etc)) {
>       add tuple(calling-station-id, user-name) to cache/db
>       reject
>     }
>   }
>
> I'm sure you really don't want to do this. But you did ask.
>
> I would
>
> a) work out some other way to distinguish between the different
> types of clients; or
>
> b) do it all on one RADIUS server.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list