Proxy CHAP into EAP session

Alan Buxey alan.buxey at gmail.com
Fri Sep 22 20:50:04 CEST 2017


With PAP this can be done.... You can take the request then send it on via
external client in whatever form you want eg PEAP, capture the result and
send back relevant access accept or reject to the original NAS/client

I had to engineer such a thing for a previous client

But it's seriously nasty really.

alan



On 22 Sep 2017 7:41 pm, "Jonathan" <huffelduffel at gmail.com> wrote:

> I can also receive PAP (cleartext) and convert it.
>
> The problem I have is that the secondary backend only supports RADIUS EAP
> messages and it cannot be changed while the NAS doesn't support EAP
> messages..., so i need to somehow broker between the two.
>
> How could i tunnel CHAP inside of EAP-TTLS, that would be very useful.
>
> Can i do this somehow by calling / using radeapclient? even though i would
> need to catch the responses from radeapclient back...
>
>
> On Fri, Sep 22, 2017 at 8:20 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > On Sep 22, 2017, at 1:54 PM, Jonathan <huffelduffel at gmail.com> wrote:
> > >
> > > I'm looking for a way on how to proxy / recreate a session into an EAP
> > > session.
> > >
> > > STEPS
> > > 1
> > > normal RADIUS session with CHAP password
> > > Received by RADIUS server1
> > >
> > > 2
> > > RADIUS server1 converts/proxies it into a second RADIUS request but as
> an
> > > EAP session towards a RADIUS server2 which handles the full request.
> >
> >   It's not possible.
> >
> >   It may be theoretically possible to convert CHAP to EAP-MD5, but that
> > isn't very useful.
> >
> >   It may also be theoretically possible to tunnel CHAP inside of
> EAP-TTLS,
> > but that also isn't useful.  And FreeRADIUS can't do it.
> >
> >   The better question is why are you trying to do this?
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list