After doing some more digging, I think I am catching onto this... somewhat. It sounds like I need to have the Radius Proxy, authenticate the Outer Identity of the EAP-TTLS session locally, while the Inner Identity is proxied to the Home Radius server. I have setup the Outer identity to be Anonymous@outer which is proxied to LOCAL, while the Inner identity is @inner and proxied to Home Radius. The problem is that when I run radiusd -x, I never see the @outer message, so the @inner is getting forwarded as an EAP, instead of only as a MS-CHAP-V2. Anyone know what I am overlooking? I have a crude understanding of this entire process at best, I know. :) John On Tue, Jan 5, 2010 at 12:08 PM, <jgammons@gmail.com> wrote:
I am attempting to configure freeradius to terminate an 802.1x EAP-TTLS authentication, but forward/proxy the user/pass to another radius server. I can get it to standard proxy, and I can get it to function as a standalone radius server with EAP-TTLS, but can't seem to find any good information on how to do this....
I assume someone has been there done that... any help would be greatly appreciated.
Thanks, John