Proxy EAP-TLS as non-EAP

Alan DeKok aland at
Tue Apr 27 12:01:20 CEST 2010

Alok Shingala wrote:
> I am trying to setup FreeRadius server to handle EAP-TLS authentication
> with a WiMAX ASN GW.
> I have another Radius server which does not support EAP-TLS but stores
> the WiMAX QoS attribute values that need to be assigned to the user
> (user is identified by Calling-Station-ID).
> I have been going through all post archive for few days but have NOT
> been able to find a thread that directly answers my question.
> 1. How can I proxy the EAP-TLS request to a radius server which does not
> support EAP ? (I only need the Radius Attributes in the outer tunnel)

  You'll need to run "radclient" in the "post-auth" section, as an
external program.   This will be complicated, difficult, fragile, and
likely to not work at all.

  i.e. you're better off exporting the WiMAX QoS data from the other
RADIUS server into a real database, and then using that.  It's much
simpler and easier to manage.

  Alan DeKok.

More information about the Freeradius-Users mailing list