freeradius proxy with 802.1x termination
Alan DeKok
aland at deployingradius.com
Wed Jan 6 21:43:15 CET 2010
John Gammons wrote:
> After doing some more digging, I think I am catching onto this... somewhat.
>
> It sounds like I need to have the Radius Proxy, authenticate the Outer
> Identity of the EAP-TTLS session locally, while the Inner Identity is
> proxied to the Home Radius server.
Yes.
> I have setup the Outer identity to be Anonymous at outer which is proxied
> to LOCAL,
Er... no. Don't proxy it.
> while the Inner identity is @inner and proxied to Home
> Radius. The problem is that when I run radiusd -x, I never see the
> @outer message, so the @inner is getting forwarded as an EAP, instead
> of only as a MS-CHAP-V2.
See eap.conf, proxy_tunneled_request_as_eap.
> Anyone know what I am overlooking? I have a crude understanding of
> this entire process at best, I know. :)
See doc/aaa.txt for a simple introduction to the process.
Alan DeKok.
More information about the Freeradius-Users
mailing list