Ok, thanks for pointing this out. I suppose I will have to either enable EAP on the radius for the EAP request to be proxied or have MSCHAP configured on it. Though using EAP will means I need to recompile the radius as I'm using the source packages. The radius that I need to proxy to runs 1.1.7 with LDAP.
Do you have any advise on which will be a better approach? Thanks/Regards, Ryan > You can't do that. Inner tunnel for PEAP is EAP-MSCHAPv2 and you can > proxy that. You can't transform that into PAP. If you have a look at > the thread you have quoted you will see that his users were using > EAP-TTLS PAP not PEAP. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 22/3/2008, "Ryan" <[EMAIL PROTECTED]> pi?e: > > >Sorry for being not specific enough. Was thinking of understanding how > >it works and then figure out the configuration myself. > > > >Basically I need to terminate a request that uses EAP/PEAP on the main > >radius and proxy the request to an inner radius server for > >authentication using PAP. What will I need to configure in order to > >get it forwarded correctly? > > > >Thanks/Regards, > >Ryan > > > >Ryan wrote: > >> Just read through some of the messages available on proxy tunneling. > >> I'm currently using 2.0.2 and read through the examples on inner > >> tunnel which seems to be able to do what I need. Can someone help by > >> providing more details on how it actually works? > > > > PEAP authentication is really SSL + authentication inside of the SSL > >tunnel. So... the server handles authentication "outside" of the > >tunnel, and authentication "inside" of the tunnel as independent > >authentications. > > > > Do you have *specific* questions? Asking "how does it work" is rather > >open-ended. > > > > Alan DeKok. > >- > >List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html