scripting pap off to eapol_test?
I'm thinking of passing received PAP username and password on a realm/proxy basis to eapol_test to transform a PAP request into a proxied EAP request for further authentication upstream towards a 3rd party radius which only accepts secured EAP-PEAP:mschapv2 requests. If this would be possible, what would be the easiest way to do this from within a proxy config? scenario: 1) hotspot pap send to freeradius 2) freeradius matching realm, transform to eap-peap:mschapv2 request and proxy to upstream 3rd party server
On Aug 6, 2020, at 5:17 AM, Jonathan <huffelduffel@gmail.com> wrote:
I'm thinking of passing received PAP username and password on a realm/proxy basis to eapol_test to transform a PAP request into a proxied EAP request for further authentication upstream towards a 3rd party radius which only accepts secured EAP-PEAP:mschapv2 requests.
If this would be possible, what would be the easiest way to do this from within a proxy config?
Just execute a program. It will likely have to be a shell script wrapper which creates a configuration file in /tmp, and then passes that to eapol_test. It will "work" for various definitions of "work". If things are OK, users will be authenticated. But if the back-end server goes down, no RADIUS fail-over will happen. Instead, the script will wait, and will block FreeRADIUS. People should just allow PAP. Alan DeKok.
participants (2)
-
Alan DeKok -
Jonathan