> What we are wondering is if its possible to still have requests come > through to our freeradius box, and instead of providing the certificate > and proxying the contents of the inner tunnel to the AD box.. if its > possible to simply proxy the entire request, PEAP/MSCHAP and all > directly to their AD servers? They are hesitant to allow our freeradius > box to join the domain, and if its doable, a workaround would be the > preferred route.
No, domain controler is not a radius server. They would need to set up IAS. Freeradius can proxy to that thing. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html