Is it possible to terminate EAP/Authentication on an entirely different radius box through freeradius?
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Jul 10 21:55:34 CEST 2009
Hi,
> What we are wondering is if its possible to still have requests come
> through to our freeradius box, and instead of providing the certificate
> and proxying the contents of the inner tunnel to the AD box.. if its
> possible to simply proxy the entire request, PEAP/MSCHAP and all
> directly to their AD servers? They are hesitant to allow our freeradius
> box to join the domain, and if its doable, a workaround would be the
> preferred route.
yes, sure you can - they'll have to run IAS or NPS (ad2003 or ad2008 etc)
and then you simply proxy the whole shaboodle off to them to deal with
- then you dont need to play around with ntlm_auth etc etc. of course,
they'll have to put required certs onto their auth system but thats a minor
issue.
alan
More information about the Freeradius-Users
mailing list