On Thu, Aug 13, 2015 at 03:05:04PM +0200, Basile Bluntschli wrote:
My switch will have the radius server A configured. All radius requests will be sent to the radius server A. If supplicant X wants to authenticate with PEAP, radius server A would handle the full request. If Supplicant Z wants to authenticate with EAP-TLS radius server A would proxy the whole request to Radius Server B.
Is there a way to do this?
First thing that comes to mind is to look at the EAP type in the incoming EAP-Message, and update proxy-to-realm if it's EAP-TLS. Something like this: if (EAP-Message =~ /^0x........0d/) { update control { Proxy-To-Realm := 'remote_realm' } else { eap } but there may be cleaner ways to do it. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>