freeradius proxy with 802.1x termination

John Gammons jgammons at gmail.com
Thu Jan 7 20:37:55 CET 2010


Sorry, by NAS I was referring to the Home Radius Server (guess my
terminology was incorrect), but I guess that answers the question
anyways.

John



On Thu, Jan 7, 2010 at 12:55 PM, Alan DeKok <aland at deployingradius.com> wrote:
> John Gammons wrote:
>> My client "Ubiquity Nanostation" only supports EAP-TTLS MSCHAPv2.
>>
>> My NAS, only supports access-requests using PAP/CHAP passwords in clear-text.
>
>  What does that mean?
>
>> I am attempting to setup a "Radius Proxy" that terminates the EAP-TTLS
>> outer, and takes MSCHAPv2 inner tunnel, and forwards a clear-text
>> user/pass to the NAS for authentication.
>
>  The NAS is a RADIUS client.  It originates Access-Requests.  It
> doesn't receive them, and it definitely doesn't do authentication.
>
>>  The more I read, the more I
>> am getting the impression that this is not possible.  Is that the
>> case?
>
>  You can't convert MS-CHAP into PAP or CHAP.  And I have no idea what
> you mean when you say the NAS does authentication.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list