EAP-TTLS/PAP and proxying
Samuel.Degrande
Samuel.Degrande at lifl.fr
Mon Dec 5 23:34:16 CET 2005
Alan DeKok wrote:
> Samuel Degrande <Samuel.Degrande at lifl.fr> wrote:
>
>>I use EAP-TTLS/PAP between a 802.1X supplicant and a radius
>>server. I would like to proxy the authentication to an other
>>radius server. So, is it possible to 'decapsulate' the authentication
>>protocol from EAP on the first radius server, and only send
>>user-name/user-password attributes to the central radius server ?
>
>
> Yes. Put the following into your "users" file to proxy the inner
> session for user "bob".
>
> bob FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
>
After an observation of the radius output in debug mode, I did find that
FreeRADIUS-Proxied-To attribute (which is not documented, isn't it ?),
but I was not sure if it was the good way to do it.
Thanks for your reply (and thanks for freeradius :-) )
More information about the Freeradius-Users
mailing list