I'd like to proxy a request to another server after the EAP-TLS handshake is finished. I simply want to do a little more authorization that is already setup on another server. My other server is just a simple RADIUS server and doesn't do EAP, so proxying the EAP message won't work. I guess I'm looking for something like proxy-inner-tunnel configuration that is available for PEAP. Is something like this possible? I tried to add the following block to post-auth: update control { FreeRadius-Proxied-To := blah } It returns noop, though. Thanks, Andrew Olson
Andrew Olson wrote:
I'd like to proxy a request to another server after the EAP-TLS handshake is finished.
Which EAP type? PEAP, TTLS?
I simply want to do a little more authorization that is already setup on another server. My other server is just a simple RADIUS server and doesn't do EAP, so proxying the EAP message won't work. I guess I'm looking for something like proxy-inner-tunnel configuration that is available for PEAP.
This is available for TTLS, too. It is NOT available for EAP-TLS. Alan DeKok.
On Mon, Apr 14, 2008 at 11:32 AM, Alan DeKok <aland@deployingradius.com> wrote:
Andrew Olson wrote:
I'd like to proxy a request to another server after the EAP-TLS handshake is finished.
Which EAP type? PEAP, TTLS?
Sorry, my previous email was a little unclear. I want to do this with TLS. Basically, I want to authenticate the user with their certificate. Then, I want to proxy a radius request with the User-Name and a couple more attributes to another server to do some authorization. If there isn't an easy way to do this in post-auth, maybe shell script would work? -andrew
Andrew Olson wrote:
Sorry, my previous email was a little unclear. I want to do this with TLS. Basically, I want to authenticate the user with their certificate. Then, I want to proxy a radius request with the User-Name and a couple more attributes to another server to do some authorization.
EAP-TLS doesn't work that way.
If there isn't an easy way to do this in post-auth, maybe shell script would work?
Maybe. It's a very unusual thing to do. Alan DeKok.
participants (2)
-
Alan DeKok -
Andrew Olson