Proxy EAP-TTLS inner auth type

Alan DeKok aland at ox.org
Thu Jun 2 19:42:37 CEST 2005


"Sayantan Bhowmick" <sbhowmick at novell.com> wrote:
> This talks about PEAP. Is the same possible for EAP-TTLS?

  Yes.

> Also i could not find any information about the attribute 
> "proxy_tunnel_request_as_eap" mentioned in the previous mail. 
> Can someone please point me to any documentation on how to 
> configure the server to terminate the tunnel and proxy the 
> inner auth type.

  The server terminates the tunnel by default.  To proxy the inner
session, do:

DEFAULT	 FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "foo"

  Which will proxy the inner session, as-is, to realm "foo".

  The "proxy_tunnel_request_as_eap" is strictly for PEAP, and if set
to "no", the code converts EAP-MSCHAPv2 to plain old MSCHAPv2, before
proxying it.

  Alan DeKok.




More information about the Freeradius-Users mailing list