Fred MAISON wrote: > Is there any way to proxy freeradius unsupported eap-type to an external > radius ?
EAP does not allow this. By the time EAP has decided on an EAP type, the EAP conversation is well underway. Changing it mid-stream to another server won't work. > I have a working setup using inner-tunnel. > If I understand correctly, in this case, inner-eap are tunneled to > localhost on port 1814 by default. Sort of. It's not really proxied, but the basic idea is the same. > My goal is to have eap-juac (Juniper/Funk Software) tunneled to a > Juniper UAC device. Does that appear inside of a TLS tunnel? If so, the *inner* session can be proxied. Otherwise... no, it can't be proxied. > I try to avoid my actual proxy setup where a specific real is tunneled > to UAC. The problem is that end-users can bypass UAC proxying by simply > changing their domain identity ... Then how will they be authenticated locally? *Why* would you authenticate them locally? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html