eap_ttls not setting 'FreeRADIUS-Proxied-To'

Matthew Newton mcn4 at leicester.ac.uk
Thu Jan 14 00:26:30 CET 2016

On Thu, Jan 14, 2016 at 01:05:32AM +0200, Zenon Mousmoulas wrote:
> On 2016-01-13 02:04, David Lord wrote:
> In other words the default server would be configured to proxy requests to a
> particular realm to a virtual_server and the EAP module called by that
> virtual server would point to a third (inner-tunnel) virtual server. I
> recall that a request can not be proxied more than once to a virtual server,
> and that is by design. Right?

Outer-EAP -> inner-EAP isn't proxying.

But still, I'm not entirely sure why you'd do this anyway unless
you want a messy/complicated config. The outer can either proxy
(if required) or call EAP for local auth, so two virtual-server
"layers". If you really wanted to keep the architecture clean I'd
just be inclined to set up a second set of proxy-only servers to
keep the first layer separate rather than doing it all in the same
server. VMs are cheap, and the design is much easier for others to


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list