Config for proxying based on auth-protocol
Nitin Bhardwaj
nbhardwaj at merunetworks.com
Tue May 10 07:18:40 CEST 2011
Hello,

I want to configure FreeRADIUS to do the following two things:

(1) Handle the tunnel for PEAP authentication requested by any supplicant(s), and do mschapv2 auth with another RADIUS server (irrespective of the realm in the user-name).

(2) Transparently proxy all other non-PEAP requests to another RADIUS server (like LEAP, EAP-FAST, etc.), again irrespective of the realm in the user-name.

My config for (1) is already working (eap.conf below) and FreeRADIUS is properly doing ms-chapv2 auth with another RADIUS server. However, I tried many changes in the config, but could not configure it to do (2). FreeRADIUS itself tries to handle LEAP and EAP-FAST requests.

Please guide me in configuring FreeRADIUS for (2) above.
My eap.conf:
eap {
    default_eap_type = mschapv2
    timer_expire = 60
    ignore_unknown_eap_types = yes
    cisco_accounting_username_bug = no
    max_sessions = 2048
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.pem
        CA_file = ${certdir}/ca.pem
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random
        cipher_list = "DEFAULT"
        make_cert_command = "${certdir}/bootstrap"
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
    }
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = no
        virtual_server = "proxy-inner-tunnel"
    }
    leap {
    }
    mschapv2 {
    }
}
--
Nitin Bhardwaj