EAP Outer and Inner Tunnel Behaviour Discussion

tnt at kalik.net
Tue Apr 7 15:03:48 CEST 2009


>
>No, I just want to let our users use an anonymous account as the outer user
>name for authentication to improve security, and use the true account
>for the inner tunnel.
>

It's a supplicant setting. Nothing to do with radius server.

>
>Because the administrator said that their user names are all without a suffix, I
>want to set up a similar home radius to do the authentication with user names
>without a suffix (testing 3, shown below). But it failed: if all accounts are
>stored in file/DB without a suffix, just like user1, I cannot pass the
>authentication with user1 at aaa.net in the inner tunnel because I don't know (or
>it is impossible)

It is impossible. You either proxy that realm or you authenticate it
locally. How is the server supposed to know which ones to proxy and
which ones to check locally?

>You mean that I add a realm in proxy.conf of the PROXY server OR in the home terminal
>radius server?

Proxy server *is* the home server when authenticating local accounts. Or
do you have another home server for such accounts? Apart from the one
you proxy to for someone else.

Ivan Kalik
Kalik Informatika ISP



