Fred MAISON wrote:
Is there any way to proxy freeradius unsupported eap-type to an external radius ?
EAP does not allow this. By the time EAP has decided on an EAP type, the EAP conversation is well underway. Changing it mid-stream to another server won't work.
I have a working setup using inner-tunnel. If I understand correctly, in this case, inner-eap are tunneled to localhost on port 1814 by default.
Sort of. It's not really proxied, but the basic idea is the same.
My goal is to have eap-juac (Juniper/Funk Software) tunneled to a Juniper UAC device.
Does that appear inside of a TLS tunnel? If so, the *inner* session can be proxied. Otherwise... no, it can't be proxied.
I try to avoid my actual proxy setup where a specific real is tunneled to UAC. The problem is that end-users can bypass UAC proxying by simply changing their domain identity ...
Then how will they be authenticated locally? *Why* would you authenticate them locally? Alan DeKok.