configuring proxy base on eap-type

Alan DeKok aland at
Tue May 25 14:40:05 CEST 2010

Fred MAISON wrote:
> Yes, how can I do that ? May I activate proxy-inner-tunnel site along
> with inner-tunnel site ? 

  No.  It's an example.

  You can set "Proxy-To-Relam" to force proxying.  See raddb/proxy.conf

>>   So... figure out who's supposed to do EAP-JUAC, 
> Yes, but based on what ? I currently use a real, but this can be changed
> by end-user to bypass JUAC host checking capabilities ...

  Check the user name?  Put the users into groups?

  This shouldn't be hard.  You are *already* determining which users do
JUAC, and which don't: the machines are configured to do it.

  Now just write down those rules for FreeRADIUS..

> Yes, it's what I need, but I don't fully master how to do that. May be
> the first point related to  enable site proxy-inner-tunnel ?
> If so, it seem to be very unselective (I meen ALL protocols doing
> inner-tunnel will be proxied to UAC, leaving only EAP-LEAP on
> freeradius. This could be a good solution for me.

  So... configure that.

  Alan DeKok.

More information about the Freeradius-Users mailing list