You can't do that. Inner tunnel for PEAP is EAP-MSCHAPv2 and you can proxy that. You can't transform that into PAP. If you have a look at the thread you have quoted you will see that his users were using EAP-TTLS PAP not PEAP.
Ivan Kalik Kalik Informatika ISP Dana 22/3/2008, "Ryan" <[EMAIL PROTECTED]> piše: >Sorry for being not specific enough. Was thinking of understanding how >it works and then figure out the configuration myself. > >Basically I need to terminate a request that uses EAP/PEAP on the main >radius and proxy the request to an inner radius server for >authentication using PAP. What will I need to configure in order to >get it forwarded correctly? > >Thanks/Regards, >Ryan > >Ryan wrote: >> Just read through some of the messages available on proxy tunneling. >> I'm currently using 2.0.2 and read through the examples on inner >> tunnel which seems to be able to do what I need. Can someone help by >> providing more details on how it actually works? > > PEAP authentication is really SSL + authentication inside of the SSL >tunnel. So... the server handles authentication "outside" of the >tunnel, and authentication "inside" of the tunnel as independent >authentications. > > Do you have *specific* questions? Asking "how does it work" is rather >open-ended. > > Alan DeKok. >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
