configuring proxy based on eap-type
Alan DeKok
aland at deployingradius.com
Mon May 24 11:49:59 CEST 2010
Fred MAISON wrote:
> Is there any way to proxy freeradius unsupported eap-type to an external
> radius?
EAP does not allow this.
By the time EAP has decided on an EAP type, the EAP conversation is
well underway. Changing it mid-stream to another server won't work.
> I have a working setup using inner-tunnel.
> If I understand correctly, in this case, inner-eap are tunneled to
> localhost on port 1814 by default.
Sort of. It's not really proxied, but the basic idea is the same.
> My goal is to have eap-juac (Juniper/Funk Software) tunneled to a
> Juniper UAC device.
Does that appear inside of a TLS tunnel? If so, the *inner* session
can be proxied.
Otherwise... no, it can't be proxied.
> I try to avoid my actual proxy setup where a specific realm is tunneled
> to UAC. The problem is that end-users can bypass UAC proxying by simply
> changing their domain identity ...
Then how will they be authenticated locally? *Why* would you
authenticate them locally?
Alan DeKok.
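
An added illustration (not part of the original message, and not FreeRADIUS code): parsing a constructed EAP exchange in the RFC 3748 packet layout shows that the first packet, the one a proxy decision is made on, carries only the user-supplied identity, while a method type first appears one round later. The identity, realm and the PEAP/TTLS choice are constructed sample values, and the Type-Data of the method packets is simplified.

```python
import struct

IDENTITY, NOTIFICATION, NAK = 1, 2, 3      # EAP type numbers from RFC 3748
REQUEST, RESPONSE = 1, 2                   # EAP codes

def build(code, ident, eap_type, data=b""):
    """Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse(packet):
    """Parse one EAP packet, rejecting inconsistent length fields."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 4 <= length <= len(packet):
        raise ValueError("EAP Length field does not match packet")
    body = packet[4:length]
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type byte")
        return {"code": code, "id": ident, "type": body[0], "data": body[1:]}
    return {"code": code, "id": ident, "type": None, "data": b""}  # Success/Failure

def method_revealed_at(packets):
    """Index of the first packet that names an authentication method."""
    for i, raw in enumerate(packets):
        t = parse(raw)["type"]
        if t is not None and t not in (IDENTITY, NOTIFICATION):
            return i
    return None

def proxy_view(packets):
    """What a proxy can use when it must pick a home server (packet 0 only)."""
    first = parse(packets[0])
    identity = first["data"].decode("utf-8", "replace")
    return {"first_type": first["type"],
            "realm": identity.rpartition("@")[2] if "@" in identity else None,
            "method_round": method_revealed_at(packets)}

# Constructed exchange, as carried in RADIUS EAP-Message attributes.
EXCHANGE = [
    build(RESPONSE, 1, IDENTITY, b"user@example.org"),  # first Access-Request
    build(REQUEST, 2, 25),                              # server offers PEAP (25)
    build(RESPONSE, 2, NAK, bytes([21])),               # peer asks for TTLS (21)
]

if __name__ == "__main__":
    print(proxy_view(EXCHANGE))
```

The realm in packet 0 is typed by the user, and the method only shows up at round 1, after a home server is already holding the conversation state.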
More information about the Freeradius-Users
mailing list