Wolfgang Burger wrote:
I´m trying to add support for EAP-TTLS and I want to proxy the username and password of the inner TTLS session to another Radius-Server.
That should work.
Client doing TTLS --> FreeRADIUS --> 3rd-Party Backend-Server with database of Users
Forwarding of the packets is working. The Access-Request that FreeRADIUS sends to the backend-server uses the username entered at the client, but no password at all. If i add User-Password := "validpassword" to preproxy_users, where "validpassword" is the valid password for the given username on the Backend-Server, everything works.
Does the tunnel contain a clear-text password? Debug mode will show this.
What do I have to change, to use the password transmitted in the TTLS-Tunnel? Or do I have fundamental errors in my idea of how to do this?
Run the server in debugging mode to see what it's doing, and post the output here. Alan DeKok.