Proxy PEAP to one Radius Server - EAP-TLS to another Radius Server
Matthew Newton
mcn4 at leicester.ac.uk
Thu Aug 13 15:13:36 CEST 2015
On Thu, Aug 13, 2015 at 03:05:04PM +0200, Basile Bluntschli wrote:
> My switch will have the radius server A configured. All radius requests
> will be sent to the radius server A.
> If supplicant X wants to authenticate with PEAP, radius server A would
> handle the full request.
> If Supplicant Z wants to authenticate with EAP-TLS radius server A would
> proxy the whole request to Radius Server B.
>
> Is there a way to do this?
First thing that comes to mind is to look at the EAP type in the
incoming EAP-Message, and update proxy-to-realm if it's EAP-TLS.
Something like this:
if (EAP-Message =~ /^0x........0d/) {
    # Fifth byte of the EAP packet is the type; 0x0d (13) is EAP-TLS
    update control {
        Proxy-To-Realm := 'remote_realm'
    }
}
else {
    eap
}
but there may be cleaner ways to do it.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
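
The following Python example is added here and is not from the original post or the FreeRADIUS project. It parses the EAP header (RFC 3748 layout) that the pattern in the post indexes into and applies the same pattern to constructed sample packets, showing which ones it selects; the function names, the sample packets and the lowercase `0x...` hex rendering of EAP-Message are assumptions.

```python
import re
import struct

# Pattern from the post, applied to a '0x...' hex rendering of EAP-Message
# (lowercase hex is assumed here).
POST_REGEX = re.compile(r"^0x........0d")

EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}


def parse_eap(hex_value):
    """Parse an EAP-Message given as a '0x...' hex string (RFC 3748 header)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    # Header: code (1 byte), identifier (1 byte), length (2 bytes, big-endian).
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not fit the data")
    # Only Request (1) and Response (2) carry a Type byte after the header.
    eap_type = raw[4] if code in (1, 2) and length >= 5 else None
    # A Nak's data lists the method types the peer would accept instead.
    desired = list(raw[5:length]) if eap_type == 3 else []
    return {"code": code, "id": ident, "length": length,
            "type": eap_type, "nak_desired": desired}


def route(hex_value, realm="remote_realm"):
    """Return the realm the post's condition selects, or 'local' otherwise."""
    return realm if POST_REGEX.match(hex_value) else "local"


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "identity_response": "0x0201000a01757365725a",  # Response, Identity "userZ"
    "tls_response":      "0x020200060d00",          # Response, type 13, flags 0
    "nak_wants_tls":     "0x02030006030d",          # Response, Nak asking for 13
    "peap_response":     "0x020400061900",          # Response, type 25
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        info = parse_eap(pkt)
        label = EAP_TYPES.get(info["type"], info["type"])
        print(f"{name:18} type={label!s:9} nak={info['nak_desired']} -> {route(pkt)}")
```

With these samples only the packet whose type byte is 13 matches the pattern; the Identity response and the Nak that requests type 13 do not.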
More information about the Freeradius-Users mailing list