Hi I want to do 802.1x PEAP authentication on FreeRADIUS. Authentication (username/password checking) needs to be done on another RADIUS server (Safeword server), which is uncapable to handle EAP requests.
What I do have working: * PEAP with users in a local MySQL database on the FreeRADIUS server * proxy simple authentication requests to Safeword server I have configured all kinds of options suggested in this list to try to terminate the EAP tunnel in FreeRADIUS, but still EAP messages are sent to the Safeword server: An RADIUS Access-Request is sent, with these attribute value pairs: EAP-Message User-Name NAS-IP-Address Message-Authenticator Proxy-State I should expect a RADIUS Access-Request with these attribute value pairs: User-Name User-Password NAS-IP-Address NAS-Port Proxy-State What am I doing wrong? I have this in my users file: NULL Proxy-To-Realm := LOCAL DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := Safeword I have this in proxy.conf: realm LOCAL { type = radius authhost = LOCAL accthost = LOCAL } realm Safeword { type = radius authhost = <ip>:1645 accthost = <ip>:1646 secret = <secret> } Ronald
smime.p7s
Description: S/MIME cryptographic signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html