FreeRadius as proxy with SoH support

Phil Mayers p.mayers at
Thu May 10 11:51:28 CEST 2012

On 10/05/12 10:20, Tobias Berndes wrote:
> Hello,
> how can i configure my freeradius server as a proxy to the master radius
> server in my network, but the freeradius server have to use SoH for
> Packetfence.

I assume you mean MS-SoH, inside PEAP?

If so, you can proxy the PEAP inner auth to a remote server as 
EAP-MSCHAPv2 or (not recommended) plain MSCHAPv2.

Simply do this:


authorize {
   update control {
     Proxy-To-Realm := OTHER

...then define the "OTHER" realm and radius server(s) appropriately in 

The local server will perform the PEAP outer (TLS negotiation) and SoH 
functions, then proxy the PEAP inner (MSCHAP) to the remote server.

More information about the Freeradius-Users mailing list