FreeRadius as proxy with SoH support
Phil Mayers
p.mayers at imperial.ac.uk
Thu May 10 11:51:28 CEST 2012
On 10/05/12 10:20, Tobias Berndes wrote:
> Hello,
> how can i configure my freeradius server as a proxy to the master radius
> server in my network, but the freeradius server have to use SoH for
> Packetfence.
I assume you mean MS-SoH, inside PEAP?
If so, you can proxy the PEAP inner auth to a remote server as
EAP-MSCHAPv2 or (not recommended) plain MSCHAPv2.
Simply do this:
sites-enabled/inner-tunnel:
authorize {
update control {
Proxy-To-Realm := OTHER
}
}
...then define the "OTHER" realm and radius server(s) appropriately in
proxy.conf
The local server will perform the PEAP outer (TLS negotiation) and SoH
functions, then proxy the PEAP inner (MSCHAP) to the remote server.
More information about the Freeradius-Users
mailing list