Eap-Type != peap. Local ones are using PEAP and remote EAP-TTLS/PAP, right?
Ivan Kalik Kalik Informatika ISP Dana 2/2/2008, "Jayal1972" <[EMAIL PROTECTED]> piše: > >Hi again, > >I mean: how to detect a special name in the request. And to NOT proxy local >calls... >Is my configuration OK? > >// J > > >Jayal1972 wrote: >> >> Hi Ivan, I can´t thank you enough for the help. >> >>>Have different names for a server realm and user domain so you can choose >>>when to proxy. >> >> Could you please leave me a hont how to do that. >> >> Why doesn´t it do PAP? When the connection reach the home server it´s >> encrypted? >> >> // J >> >> >> >> Ivan Kalik wrote: >>> >>>>All users found with SECURACCESS domain in name i.e. >"[EMAIL PROTECTED]". >>>>Proxy them with PAP authentication to "SECURACCCESS" domain IP address >>>>mentioned in proxy.conf. >>>> >>>>>Fall-Through := No >>>> >>>>If SECURACCESS domain found in User-Name "[EMAIL PROTECTED]" stop after >>>>proxying. >>>> >>>>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate >with >>>>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy >only >>>>PAP further (to IP address mentioned in proxy.conf). >>>> >>>>>Fri Feb 1 18:49:26 2008 : Debug: modsingle[authorize]: calling suffix >>>>(rlm_realm) for request 0 >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Looking up realm >>>>"SECURACCESS" for User-Name = >"[EMAIL PROTECTED]" >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Found realm >"SECURACCESS" >>>> >>>>So here we found SECURACCESS domain name in User-Name: >>>> >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding >Stripped-User-Name >>>>= "joakimlindgren" >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Proxying request from >user >>>>joakimlindgren to realm >SECURACCESS >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Realm = >>>>"SECURACCESS" >>>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Preparing to proxy >>>>authentication request to realm "SECURACCESS" >>>> >>>>Where proxying the request to ip address mentioned in proxy.conf (but >here >>>>we donĂ�´t end the EAP?) >>>> >>> >>> Have different names for a server realm and user domain so you can choose >>> when to proxy. Leave user as [EMAIL PROTECTED]; configure SECURACCESS to >>> be a LOCAL realm; configure home server realm as SECURE and proxy to >>> that one. >>> >>> Again, you should think about 2.0.1 where you can define one virtual >>> server to deal with @SECURACCESS requests and another for others. >>> >>> Ivan Kalik >>> Kalik Informatika ISP >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >> >> > >-- >View this message in context: >http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242083.html >Sent from the FreeRadius - User mailing list archive at Nabble.com. > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html