How to proxy password from TTLS
Alan DeKok
aland at deployingradius.com
Fri Nov 2 14:58:39 CET 2007
Wolfgang Burger wrote:
> I´m trying to add support for EAP-TTLS and I want to proxy the username
> and password of the inner TTLS session to another Radius-Server.
That should work.
> Client doing TTLS --> FreeRADIUS --> 3rd-Party Backend-Server with
> database of Users
>
> Forwarding of the packets is working.
> The Access-Request that FreeRADIUS sends to the backend-server uses the
> username entered at the client, but no password at all.
> If i add
> User-Password := "validpassword"
> to preproxy_users, where "validpassword" is the valid password for the
> given username on the Backend-Server, everything works.
Does the tunnel contain a clear-text password? Debug mode will show this.
> What do I have to change, to use the password transmitted in the
> TTLS-Tunnel? Or do I have fundamental errors in my idea of how to do this?
Run the server in debugging mode to see what it's doing, and post the
output here.
Alan DeKok.
More information about the Freeradius-Users
mailing list