Terminate EAP-TTLS then proxy
Alan Buxey
alan.buxey at gmail.com
Fri Sep 22 09:32:22 CEST 2017
Change the default EAP type from md5 to ttls in your EAP module; that'll save a
resend.
Next look at how you are handling realms in outer and inner. If only
proxying ttls then comment out prefix/suffix from outer server.
Finally, by default, there's a big safety switch in the inner tunnel to
ensure things don't by default get their proxy changed in ttls. Remove the
proxy-to-realm statement (read the surrounding warning text) *or* update it
to be relevant, e.g. wrap it in an unlang statement to only occur if the realm is
not passpoint.
PS: having worked with passpoint myself, I think I know what and why you are
doing this ;)
alan
On 21 Sep 2017 11:27 pm, "Alan DeKok" <aland at deployingradius.com> wrote:
On Sep 21, 2017, at 6:24 PM, <adrian.p.smith at bt.com> <adrian.p.smith at bt.com>
wrote:
>
> Hi Alan,
>
> I proxy-to-realm LOCAL in the default server as I was advised to do this
> as part of the EAP-TTLS termination and Transfer to the inner-tunnel.
>
> Perhaps this is not needed?
It's needed if you don't want to proxy the outer EAP session.
> My aim is to be able to terminate the EAP and then proxy the request to
> another server.
Then edit the inner tunnel to delete the "Proxy-To-Realm = Local"
attribute.
Alan DeKok.
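
The three changes suggested in this thread, as an added configuration sketch that is not from either poster or from the FreeRADIUS project. It assumes a FreeRADIUS v3 file layout and a placeholder realm name "passpoint.example", and shows only the lines that change.

```conf
# mods-available/eap  (v3 path, assumed)
eap {
	# Was md5. Offering TTLS first avoids the EAP-NAK and resend.
	default_eap_type = ttls
	# remaining eap settings unchanged
}

# sites-available/default  (outer server, assumed file name)
authorize {
	# Realm handling disabled here so the outer EAP-TTLS session is
	# terminated locally instead of being proxied.
#	suffix
	eap {
		ok = return
	}
	# remaining authorize entries unchanged
}

# sites-available/inner-tunnel  (assumed file name)
authorize {
	# Realm lookup stays enabled inside the tunnel so &Realm is set.
	suffix

	# Keep the safety switch for everything except the one realm that
	# should be proxied. "passpoint.example" is a placeholder realm.
	# The !&Realm test covers identities that carry no realm at all,
	# because a comparison against a missing attribute is false.
	if (!&Realm || (&Realm != "passpoint.example")) {
		update control {
			&Proxy-To-Realm := LOCAL
		}
	}
	# remaining authorize entries unchanged
}
```

Deleting the `update control` block outright, as the quoted reply suggests, lifts the restriction for every realm, while the conditional form keeps it for all realms but the named one.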