Fred MAISON wrote: > Yes, how can I do that ? May I activate proxy-inner-tunnel site along > with inner-tunnel site ?
No. It's an example. You can set "Proxy-To-Relam" to force proxying. See raddb/proxy.conf >> So... figure out who's supposed to do EAP-JUAC, > Yes, but based on what ? I currently use a real, but this can be changed > by end-user to bypass JUAC host checking capabilities ... Check the user name? Put the users into groups? This shouldn't be hard. You are *already* determining which users do JUAC, and which don't: the machines are configured to do it. Now just write down those rules for FreeRADIUS.. > Yes, it's what I need, but I don't fully master how to do that. May be > the first point related to enable site proxy-inner-tunnel ? > If so, it seem to be very unselective (I meen ALL protocols doing > inner-tunnel will be proxied to UAC, leaving only EAP-LEAP on > freeradius. This could be a good solution for me. So... configure that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html