Terminate EAP-PEAP client connection at FreeRadius Proxy andproxy(forward) request as PAP

Ivan Kalik tnt at kalik.net
Sat Mar 22 14:06:35 CET 2008


You can't do that. Inner tunnel for PEAP is EAP-MSCHAPv2 and you can
proxy that. You can't transform that into PAP. If you have a look at
the thread you have quoted you will see that his users were using
EAP-TTLS PAP not PEAP.

Ivan Kalik
Kalik Informatika ISP


Dana 22/3/2008, "Ryan" <majereryan at gmail.com> piše:

>Sorry for being not specific enough. Was thinking of understanding how
>it works and then figure out the configuration myself.
>
>Basically I need to terminate a request that uses EAP/PEAP on the main
>radius and proxy the request to an inner radius server for
>authentication using PAP. What will I need to configure in order to
>get it forwarded correctly?
>
>Thanks/Regards,
>Ryan
>
>Ryan wrote:
>> Just read through some of the messages available on proxy tunneling.
>> I'm currently using 2.0.2 and read through the examples on inner
>> tunnel which seems to be able to do what I need. Can someone help by
>> providing more details on how it actually works?
>
> PEAP authentication is really SSL + authentication inside of the SSL
>tunnel.  So... the server handles authentication "outside" of the
>tunnel, and authentication "inside" of the tunnel as independent
>authentications.
>
> Do you have *specific* questions?  Asking "how does it work" is rather
>open-ended.
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list