Try reading the post you have replied to. Ivan Kalik Kalik Informatika ISP
Dana 13/9/2007, "fuki" <[EMAIL PROTECTED]> piše: > > > >Phil Mayers wrote: >> >> On Thu, 2007-09-13 at 02:56 -0700, fuki wrote: >>> >>> >>> Phil Mayers wrote: >>> > >>> > On Thu, 2007-09-13 at 01:25 -0700, fuki wrote: >>> > >>> > You can certainly terminate the PEAP and still proxy the inner >>> > EAP-MSCHAP to another radius server; however as far as I am aware, >>> > FreeRadius doesn't yet have support for the various health state >>> > attributes, or for that matter >1 set of data inside the PEAP tunnel. >>> > >>> > In particular if you are talking about the Vista built-in health check >>> > packets, that uses PEAPv2 which FreeRadius doesn't support, and you >>> > won't be able to terminate. >>> > >>> >>> Yes I'm talking about the Vista build-in health check packets. I used a >>> packet sniffer to analyze the submitted packets and compared them with >>> the >>> PEAPv2 specification >>> (http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-10#page-11, >>> 2.1.4. Version Negotiation). According the specification PEAP v0 is used >>> by >>> Vista, so it should be possible to use FreeRadius as proxy to decrypt the >>> packages, to analyze the health state (has to be implemented) and to >>> proxy >>> the inner >>> EAP-MSCHAP to another radius server? >>> >> >> Provided FreeRadius can parse the PEAP contents (which it can't) then >> yes, sending the inner EAP-MSCHAP to another server is easy: >> >> DEFAULT FreeRadius-Proxied-To == 127.0.0.1, Proxy-To-Realm := "foo" >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > >Based on >http://lists.freeradius.org/pipermail/freeradius-users/2005-March/042098.html >I got the following idea (it's suggested to work with FreeRadius): > >RADIUS Client <- PEAP (eap-mschapv2) -> FreeRadius Proxy (tsl termination >and conversion) <- mschapv2 -> RADIUS Server > >Are there any comments for this recommendation. If it works, does somebody >now how to configure the FreeRadius proxy? >-- >View this message in context: >http://www.nabble.com/Terminate-TLS-and-proxy-PEAP-tf4434055.html#a12653324 >Sent from the FreeRadius - User mailing list archive at Nabble.com. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html