Alan DeKok wrote:
Samuel Degrande <Samuel.Degrande@lifl.fr> wrote:
I use EAP-TTLS/PAP between a 802.1X supplicant and a radius server. I would like to proxy the authentication to an other radius server. So, is it possible to 'decapsulate' the authentication protocol from EAP on the first radius server, and only send user-name/user-password attributes to the central radius server ?
Yes. Put the following into your "users" file to proxy the inner session for user "bob".
bob FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
After an observation of the radius output in debug mode, I did find that FreeRADIUS-Proxied-To attribute (which is not documented, isn't it ?), but I was not sure if it was the good way to do it. Thanks for your reply (and thanks for freeradius :-) )