After doing some more digging, I think I am catching onto this... somewhat.
It sounds like I need to have the Radius Proxy, authenticate the Outer Identity of the EAP-TTLS session locally, while the Inner Identity is proxied to the Home Radius server. I have setup the Outer identity to be anonym...@outer which is proxied to LOCAL, while the Inner identity is @inner and proxied to Home Radius. The problem is that when I run radiusd -x, I never see the @outer message, so the @inner is getting forwarded as an EAP, instead of only as a MS-CHAP-V2. Anyone know what I am overlooking? I have a crude understanding of this entire process at best, I know. :) John On Tue, Jan 5, 2010 at 12:08 PM, <jgamm...@gmail.com> wrote: > I am attempting to configure freeradius to terminate an 802.1x EAP-TTLS > authentication, but forward/proxy the user/pass to another radius server. I > can get it to standard proxy, and I can get it to function as a standalone > radius server with EAP-TTLS, but can't seem to find any good information on > how to do this.... > > I assume someone has been there done that... any help would be greatly > appreciated. > > Thanks, > John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html