Alan DeKok" wrote:
> [EMAIL PROTECTED] wrote:
>> Otherwise, it should theoretically be possible to "translate"
>> PEAP-MSCHAPv2 to plain MSCHAPv2 and use that for
>> communication with your "simple radius" server - however,
>> that still requires writing suitable code
> In eap.conf, peap{} subsection, set
> proxy_tunneled_request_as_eap = no
> and the server will proxy the inner tunnel EAP-MSCHAPv2 as
> normal MS-CHAPv2.
>
> It's not widely tested, which is why it's not documented as
working.
>> I'm currently working at "translating" EAP-MD5 to CHAP).
> Follow the magic code above. A patch would be welcome.
Now that I have something which is apparently doing the correct
translation and wanted to streamline it following the example
of EAP-MSCHAPv2, I realize this is not quite what I want:
I'm not only interested in specifically proxying the inner protocol
of some PEAP request as normal CHAP/MS-CHAPv2. What I
really want is to proxy _any_ EAP-MD5 (or EAP-MSCHAPv2,
although that's probably pretty rarely used outside of PEAP) as
normal CHAP (or MS-CHAPv2) request, no matter if it's inside
a PEAP tunnel, inside an EAP-TTLS tunnel or not tunneled at all.
What I currently have is generating a fake CHAP request from
EAP-MD5 with the "FreeRadius-Proxied-To" attribute added,
similar to what PEAP and EAP-TTLS do with the inner protocols,
though it's all a bit hackish at the moment.
Any suggestions what to do here exactly?
Regards,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
