Hi I want to do 802.1x PEAP authentication on FreeRADIUS. Authentication (username/password checking) needs to be done on another RADIUS server (Safeword server), which is uncapable to handle EAP requests.
What I do have working:
* PEAP with users in a local MySQL database on the FreeRADIUS server
* proxy simple authentication requests to Safeword server
I have configured all kinds of options suggested in this list to try to
terminate the EAP tunnel in FreeRADIUS, but still EAP messages are sent to
the Safeword server:
An RADIUS Access-Request is sent, with these attribute value pairs:
EAP-Message
User-Name
NAS-IP-Address
Message-Authenticator
Proxy-State
I should expect a RADIUS Access-Request with these attribute value pairs:
User-Name
User-Password
NAS-IP-Address
NAS-Port
Proxy-State
What am I doing wrong?
I have this in my users file:
NULL Proxy-To-Realm := LOCAL
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := Safeword
I have this in proxy.conf:
realm LOCAL {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm Safeword {
type = radius
authhost = <ip>:1645
accthost = <ip>:1646
secret = <secret>
}
Ronald
smime.p7s
Description: S/MIME cryptographic signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
