21 Jul
2014
21 Jul
'14
5:10 a.m.
Hi,
Has anyone ever tried something like this and got the setup working?
dont mess with the packets - dont just proxy the inner tunnel to the NPS, send all valid stuff at the outer layer to the NPS box for it to deal with (ie make it the end EAP termination tunnel). you know that nice setting (check cryptobinding) you see on the client? thats designed to check that the EAP termination is actually the same server that unwrapped the TLS in the first instance. use unlang to define the proxy group/realm - proxy stuff to the NPS that matches your desire. alan