Terminate EAP-PEAP client connection at FreeRadius Proxy and proxy(forward) request as PAP

Ryan majereryan at gmail.com
Mon Mar 24 03:30:54 CET 2008


Ok, thanks for pointing this out.

I suppose I will have to either enable EAP on the radius for the EAP
request to be proxied or have MSCHAP configured on it. Though using
EAP will mean I need to recompile the radius as I'm using the source
packages. The radius that I need to proxy to runs 1.1.7 with LDAP.

Do you have any advice on which will be a better approach?

Thanks/Regards,
Ryan

>  You can't do that. Inner tunnel for PEAP is EAP-MSCHAPv2 and you can
>  proxy that. You can't transform that into PAP. If you have a look at
>  the thread you have quoted you will see that his users were using
>  EAP-TTLS PAP not PEAP.
>
>  Ivan Kalik
>  Kalik Informatika ISP
>
>
>  On 22/3/2008, "Ryan" <majereryan at gmail.com> wrote:
>
>  >Sorry for being not specific enough. Was thinking of understanding how
>  >it works and then figure out the configuration myself.
>  >
>  >Basically I need to terminate a request that uses EAP/PEAP on the main
>  >radius and proxy the request to an inner radius server for
>  >authentication using PAP. What will I need to configure in order to
>  >get it forwarded correctly?
>  >
>  >Thanks/Regards,
>  >Ryan
>  >
>  >Ryan wrote:
>  >> Just read through some of the messages available on proxy tunneling.
>  >> I'm currently using 2.0.2 and read through the examples on inner
>  >> tunnel which seems to be able to do what I need. Can someone help by
>  >> providing more details on how it actually works?
>  >
>  > PEAP authentication is really SSL + authentication inside of the SSL
>  >tunnel.  So... the server handles authentication "outside" of the
>  >tunnel, and authentication "inside" of the tunnel as independent
>  >authentications.
>  >
>  > Do you have *specific* questions?  Asking "how does it work" is rather
>  >open-ended.
>  >
>  > Alan DeKok.