Proxy PEAP to one Radius Server - EAP-TLS to another Radius Server
Basile Bluntschli
basile.bluntschli at gmail.com
Fri Aug 14 11:39:05 CEST 2015
Hi Matthew
thanks, I try to go route a) then.
If I find a way of doing so I would post it here.
Thanks
Basile
2015-08-14 10:46 GMT+02:00 Matthew Newton <mcn4 at leicester.ac.uk>:
> On Fri, Aug 14, 2015 at 09:33:08AM +0200, Basile Bluntschli wrote:
> > thanks for your anwser would you mind sharing what "not nice" solution
> may
> > could work?
>
> Something along the lines of
>
> look up tuple(calling-station-id, user-name) in cache/db
> if found { proxy }
> else
> {
> eap
> if (eap-type == "EAP-TLS" (or EAP-Message regex etc)) {
> add tuple(calling-station-id, user-name) to cache/db
> reject
> }
> }
>
> I'm sure you really don't want to do this. But you did ask.
>
> I would
>
> a) work out some other way to distinguish between the different
> types of clients; or
>
> b) do it all on one RADIUS server.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list