Hi, I was tryin to figure out if it is possible to proxy only the inner auth type of EAP-TTLS. The only information I could find on this is: http://lists.cistron.nl/pipermail/freeradius-users/2005-March/042098.html This talks about PEAP. Is the same possible for EAP-TTLS? Also i could not find any information about the attribute "proxy_tunnel_request_as_eap" mentioned in the previous mail. Can someone please point me to any documentation on how to configure the server to terminate the tunnel and proxy the inner auth type. Thanks in advance. Regards, -Sayantan
"Sayantan Bhowmick" <sbhowmick@novell.com> wrote:
This talks about PEAP. Is the same possible for EAP-TTLS?
Yes.
Also i could not find any information about the attribute "proxy_tunnel_request_as_eap" mentioned in the previous mail. Can someone please point me to any documentation on how to configure the server to terminate the tunnel and proxy the inner auth type.
The server terminates the tunnel by default. To proxy the inner session, do: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "foo" Which will proxy the inner session, as-is, to realm "foo". The "proxy_tunnel_request_as_eap" is strictly for PEAP, and if set to "no", the code converts EAP-MSCHAPv2 to plain old MSCHAPv2, before proxying it. Alan DeKok.
participants (2)
-
Alan DeKok -
Sayantan Bhowmick