EAP with a non EAP Radius server
Daniil Kharun
daniil at chics.ru
Sun Sep 27 09:41:56 CEST 2009
>
> I copied proxy-inner-tunnel from sites-available to sites-enabled.
> I declared proxy-inner-tunnel in eap.conf but unfortunately, EAP is
> still proxified
>
> *eap.conf*
> ttls {
>     default_eap_type = mschapv2
>     copy_request_to_tunnel = yes (or no)
>     use_tunneled_reply = yes (or no)
>     virtual_server = "proxy-inner-tunnel"
> }
>
> *proxy-inner-tunnel*
> server proxy-inner-tunnel {
>     authorize {
>         update control {
>             Proxy-To-Realm := LOCAL
>         }
>     }
>
>     authenticate {
>         eap
>     }
>
>     post-proxy {
>         eap
>     }
> }
Use <proxy_tunneled_request_as_eap = no> in eap.conf.
Example for EAP-PEAP:
eap.conf:
eap {
    default_eap_type = mschapv2
    timer_expire = 60
    ignore_unknown_eap_types = yes
    cisco_accounting_username_bug = no
    max_sessions = 2048
    tls {
        ...
    }
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = no
        virtual_server = "proxy-inner-tunnel"
    }
    mschapv2 {
    }
}
proxy-inner-tunnel:
server proxy-inner-tunnel {
    authorize {
        update control {
            # You should update this to be one of your realms.
            Proxy-To-Realm := "BILLING"
        }
    }
    authenticate {
        eap
    }
    post-proxy {
        eap
    }
}
proxy.conf:
realm BILLING {
    authhost = 192.168.0.252:1812
    secret = secret
}
--
Best regards, Daniil Kharun
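
The check below is an added example, not part of the original post or of FreeRADIUS: it scans an eap.conf-style file and reports the ttls/peap sections whose tunneled request would still be proxied as EAP. The sample text is constructed from the two configurations in this thread, the function names are hypothetical, and a missing setting is assumed to behave as "yes".

```python
import re

# Constructed sample: ttls as in the question (setting absent), peap as in the reply.
SAMPLE_EAP_CONF = """
eap {
    ttls {
        virtual_server = "proxy-inner-tunnel"
    }
    peap {
        proxy_tunneled_request_as_eap = no   # inner request is proxied as plain MS-CHAPv2
        virtual_server = "proxy-inner-tunnel"
    }
}
"""

def parse_sections(text):
    """Return {"outer/inner": {key: value}} for a brace-nested config file."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (no '#' inside values here)
        if not line:
            continue
        opened = re.fullmatch(r"([\w-]+)(?:\s+[\w-]+)?\s*\{", line)
        item = re.fullmatch(r"([\w-]+)\s*:?=\s*(.*)", line)
        if opened:
            stack.append(opened.group(1))
            sections.setdefault("/".join(stack), {})
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif item and stack:
            sections["/".join(stack)][item.group(1)] = item.group(2).strip('"')
    if stack:
        raise ValueError("unclosed section: " + "/".join(stack))
    return sections

def tunnels_proxied_as_eap(text):
    """List eap/ttls and eap/peap sections whose inner request would be proxied as EAP."""
    found = []
    for path, items in parse_sections(text).items():
        # Assumption: an absent setting behaves as "yes", the stock eap.conf default.
        value = items.get("proxy_tunneled_request_as_eap", "yes")
        if path in ("eap/ttls", "eap/peap") and value.lower() != "no":
            found.append(path)
    return found

if __name__ == "__main__":
    print(tunnels_proxied_as_eap(SAMPLE_EAP_CONF))
```
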