freeradius proxy with 802.1x termination

Alan DeKok aland at deployingradius.com
Thu Jan 7 18:55:24 CET 2010


John Gammons wrote:
> My client "Ubiquity Nanostation" only supports EAP-TTLS MSCHAPv2.
> 
> My NAS, only supports access-requests using PAP/CHAP passwords in clear-text.

  What does that mean?

> I am attempting to setup a "Radius Proxy" that terminates the EAP-TTLS
> outer, and takes MSCHAPv2 inner tunnel, and forwards a clear-text
> user/pass to the NAS for authentication.

  The NAS is a RADIUS client.  It originates Access-Requests.  It
doesn't receive them, and it definitely doesn't do authentication.

>  The more I read, the more I
> am getting the impression that this is not possible.  Is that the
> case?

  You can't convert MS-CHAP into PAP or CHAP.  And I have no idea what
you mean when you say the NAS does authentication.

  Alan DeKok.



More information about the Freeradius-Users mailing list