terminating EAP tunnels, proxy and realms
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Sat Jun 23 15:45:59 CEST 2007
Alan DeKok wrote:
> Andreas Liebe wrote:
>
>> I do not want to terminate the EAP tunnels for the foreign realms, but I
>> have to terminate the local one (@tu-darmstadt.de and NULL) as I have to
>> forward the requests to a set of internal radius servers not capable of
>> speaking EAP.
>>
>
> Set Proxy-To-Realm := LOCAL for the realms you want to terminate
> locally. Make sure that this is done before the "eap" module is run in
> the "authorise" section.
>
> Then, put the following in the "users" file to proxy the inner request
> to another realm:
>
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm = oldservers
>
> 2.0.0 should have a much more fine-grained way to control this.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
So the eap module extracts the attributes encoded in the eap message ? I
can see that working for EAP GTC and EAP PAP but not MschapV2 ?
More information about the Freeradius-Users
mailing list