"Alan DeKok" wrote:
> [EMAIL PROTECTED] wrote:
>> Otherwise, it should theoretically be possible to "translate"
>> PEAP-MSCHAPv2 to plain MSCHAPv2 and use that for
>> communication with your "simple radius" server - however,
>> that still requires writing suitable code
>
> In eap.conf, peap{} subsection, set
>
>     proxy_tunneled_request_as_eap = no
>
> and the server will proxy the inner tunnel EAP-MSCHAPv2 as
> normal MS-CHAPv2.
>
> It's not widely tested, which is why it's not documented as working.
>
>> I'm currently working at "translating" EAP-MD5 to CHAP).
>
> Follow the magic code above. A patch would be welcome.

Now that I have something which is apparently doing the correct
translation and wanted to streamline it following the example of
EAP-MSCHAPv2, I realize this is not quite what I want:

I'm not only interested in specifically proxying the inner protocol of
some PEAP request as normal CHAP/MS-CHAPv2. What I really want is to
proxy _any_ EAP-MD5 (or EAP-MSCHAPv2, although that's probably pretty
rarely used outside of PEAP) as normal CHAP (or MS-CHAPv2) request, no
matter if it's inside a PEAP tunnel, inside an EAP-TTLS tunnel or not
tunneled at all.

What I currently have is generating a fake CHAP request from EAP-MD5
with the "FreeRadius-Proxied-To" attribute added, similar to what PEAP
and EAP-TTLS do with the inner protocols, though it's all a bit hackish
at the moment.

Any suggestions what to do here exactly?

Regards,
Stefan
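
The EAP-MD5 to CHAP translation discussed in this message, as an added example that is not the poster's patch and not FreeRADIUS code: an EAP-MD5 response (RFC 3748) is computed the same way as a CHAP response, so the exchange can be repackaged into the RADIUS CHAP-Password and CHAP-Challenge attributes (RFC 2865) without knowing the password. All function names are hypothetical and the sample packets are constructed.

```python
import hashlib, hmac, struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4   # RFC 3748
CHAP_PASSWORD, CHAP_CHALLENGE = 3, 60               # RFC 2865 attribute numbers

def build_eap_md5(code, ident, value, name=b""):
    """Build a constructed EAP-MD5 packet for the demo below."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap_md5(packet, expected_code):
    """Return (identifier, value) of an EAP-MD5 Request or Response."""
    if len(packet) < 6:
        raise ValueError("truncated EAP packet")
    code, ident, length, eap_type, size = struct.unpack("!BBHBB", packet[:6])
    if code != expected_code or eap_type != EAP_TYPE_MD5:
        raise ValueError("not the expected EAP-MD5 packet")
    if length > len(packet) or 6 + size > length:
        raise ValueError("length fields overrun the packet")
    return ident, packet[6:6 + size]        # trailing Name field is ignored

def eap_md5_to_chap(request, response):
    """Repackage one EAP-MD5 exchange as RADIUS CHAP attributes."""
    req_id, challenge = parse_eap_md5(request, EAP_REQUEST)
    resp_id, digest = parse_eap_md5(response, EAP_RESPONSE)
    if req_id != resp_id:
        raise ValueError("response does not answer this challenge")
    if len(digest) != 16 or not 1 <= len(challenge) <= 253:
        raise ValueError("value does not fit the CHAP attributes")
    # CHAP-Password is the CHAP ident octet followed by the 16-octet response.
    return {CHAP_PASSWORD: bytes([resp_id]) + digest, CHAP_CHALLENGE: challenge}

def chap_verify(attrs, password):
    """Check done by a plain-CHAP server: MD5(ident || password || challenge)."""
    ident, digest = attrs[CHAP_PASSWORD][:1], attrs[CHAP_PASSWORD][1:]
    expected = hashlib.md5(ident + password + attrs[CHAP_CHALLENGE]).digest()
    return hmac.compare_digest(expected, digest)

def demo():
    """Constructed exchange: identifier 7, 16-octet challenge, password 'secret'."""
    ident, challenge, password = 7, bytes(range(16)), b"secret"
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    request = build_eap_md5(EAP_REQUEST, ident, challenge, b"server")
    response = build_eap_md5(EAP_RESPONSE, ident, digest, b"user")
    attrs = eap_md5_to_chap(request, response)
    return attrs, chap_verify(attrs, password), chap_verify(attrs, b"wrong")

if __name__ == "__main__":
    print(demo())
```

The translating server has to keep the challenge it sent in the EAP-MD5 Request, because the Response carries only the digest; the same repackaging applies whether the EAP-MD5 exchange arrived untunneled or inside PEAP or EAP-TTLS.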