EAP-PEAP/MSCHAPv2 Proxy
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 3 15:41:57 CET 2010
On 11/03/2010 02:18 PM, Влад Власов wrote:
> Hello everyone,
> Please help me
> I try to setup FreeRadius as proxy.
> I want to extract MSCHAPv2 auth from EAP-PEAP/MSCHAPv2 ,and proxy only MSCHAPv2 request to another radius server ,that does not work with a EAP-PEAP.
> changed only the following items:
>
> clients.conf
> client 172.100.100.24/30 { secret = secretpass
> shortname = AP_50 }
>
> proxy.conf
>
> realm nc { authhost = 172.10.10.1:1812
> accthost = 172.10.10.1:1813
> secret = secretpass }
>
> realm DEFAULT { authhost = 172.10.10.1:1812
> accthost = 172.10.10.1:1813
> secret = secretpass }
>
> eap.conf
>
> default_eap_type = peap
> default_eap_type = mschapv2
> proxy_tunneled_request_as_eap = no
The proxying needs to happen in the inner-tunnel virtual server, not the
outer PEAP server.
Comment out the "suffix" and "ntdomain" modules
/etc/raddb/sites-enabled/default; then comment out the:
update control {
Proxy-To-Realm := LOCAL
}
...in /etc/raddb/sites-enabled/inner-tunnel
More information about the Freeradius-Users
mailing list