On Thu, 2007-09-13 at 01:25 -0700, fuki wrote:
Hi
At the moment I use FreeRADIUS to proxy eap peap mschapv2 request to a RADIUS server for authentication. The connecting machine submits in addition to the authentication information, some information about it's health state encrypted in the PEAP packets.
Is there a possibility to decrypt the packets on the FreeRADIUS Proxy, to get the health state, and forward the PEAP packets for authentication to the RADIUS server. Or in other words is there a possibility to determine the TLS-Connection on the FreeRADIUS proxy and to forward the PEAP packets to the RADIUS Server and how the FreeRADIUS proxy has to be configured?
You can certainly terminate the PEAP and still proxy the inner EAP-MSCHAP to another radius server; however as far as I am aware, FreeRadius doesn't yet have support for the various health state attributes, or for that matter >1 set of data inside the PEAP tunnel. In particular if you are talking about the Vista built-in health check packets, that uses PEAPv2 which FreeRadius doesn't support, and you won't be able to terminate.