I enabled MS-CHAP on the radius whereby the request is to be proxied
to. Using the configuration mentioned in
http://lists.freeradius.org/pipermail/freeradius-users/2008-February/069292.html
as a guide, I was able to configure the radius to proxy the request as
plain MS-CHAP however encounter some
Ok, thanks for pointing this out.
I suppose I will have to either enable EAP on the radius for the EAP
request to be proxied or have MSCHAP configured on it. Though using
EAP will means I need to recompile the radius as I'm using the source
packages. The radius that I need to proxy to runs 1.1.7
Sorry for being not specific enough. Was thinking of understanding how
it works and then figure out the configuration myself.
Basically I need to terminate a request that uses EAP/PEAP on the main
radius and proxy the request to an inner radius server for
authentication using PAP. What will I
Just read through some of the messages available on proxy tunneling.
I'm currently using 2.0.2 and read through the examples on inner
tunnel which seems to be able to do what I need. Can someone help by
providing more details on how it actually works?
Thanks/Regards
Ryan
On Thu, Mar 20, 2008 at
Ryan wrote:
Just read through some of the messages available on proxy tunneling.
I'm currently using 2.0.2 and read through the examples on inner
tunnel which seems to be able to do what I need. Can someone help by
providing more details on how it actually works?
PEAP authentication is
Hi All,
I'm having a problem trying to configure proxy from one radius to
another. Users are connecting using 802.1x with EAP/PEAP. There are
two groups of users, one group are authenticated on the main radius
using local LDAP. However for the second group of users, they have to
be authenticated
Hi,
Hi again and thanks,
EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
outer tunnel but it will not work.
EAP-TTLS/PAP ended
A. If an incoming user conn. against the FreeRadius Server (Nr1) is
belonging to OTHER (LOCAL) domain then
the EAP-TTLS tunnel is ended
Joakim Lindgren wrote:
EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
outer tunnel but it will not work.
sigh. Read the FAQ about it doesn't work.
A. If an incoming user conn. against the FreeRadius Server (Nr1) is
belonging to OTHER (LOCAL) domain then
the
Hi again, sorry have read the FAQ ;-) thought that it didn´t needed, sorry.
Output below. All configurations as provided in earlier mail except users:
users
DEFAULT EAP-Type == PEAP, FreeRADIUS-Proxied-To !* 127.0.0.1,
Hi!
Jayal1972 wrote:
Hi again, sorry have read the FAQ ;-) thought that it didn´t needed, sorry.
Sending Access-Request of id 0 to 192.168.1.75 port 1812
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
Fri Feb 1
Hi again, I probably have to explain what I want to accomplish in detail,
what I´m aiming for is this:
In users file:
DEFAULT EAP-Type == PEAP, FreeRADIUS-Proxied-To !* 127.0.0.1,
Proxy-To-Realm := LOCAL
End all EAP-TTLS connections at proxy.
If not SECURACCESS domain: check Username
Sorry, got it wrong in last post, read this one instead:
DEFAULT EAP-Type == PEAP, FreeRADIUS-Proxied-To !* 127.0.0.1,
Proxy-To-Realm := LOCAL
End all EAP-TTLS connections at proxy.
If not SECURACCESS domain: check Username against LDAP.
(If possible to order. Do NOT check SECURACCESS
Hi all (and really thanks to Alan DeKok),
I have a complete EAP-PEAP/TLS/TTLS configuration working against FreeRadius
and IAS.
A software I´m using is offering two factor authentication and they got
their own Radius who only supports PAP.
Is it possible to terminate the client EAP connection at
Joakim
You could certainly do this with EAP-TTLS/PAP. I know because I've
done it myself in a previous job.
It's quite simple really. You have the outer authentication using one
realm (possibly the null realm and using the name 'anonymous'). In
the inner authentication, you use another realm
Hi all, thanks for your explanation earlier!
I need your help with EAP-TTLS and PAP. I have earlier setup
EAP-PEAP/EAP-TTLS and EAP-TLS working OK!
I tried configuring the TTLS-PAP inner and outer tunnel but it will not work
(and yes I have searched the forum, as always ;-)
Here are my
Think about upgrading to 2.0.1. You can then configure default home
server to handle requests A and another virtual server to terminate TLS
and proxy PAP requests to a remote home server.
I don't quite get this bit about encrypted requests. Radius packets
*are* encrypted.
Ivan Kalik
Kalik
Sorry, I just read your subject line. What is the request sent from the
supplicant: PEAP or EAP-TTLS/PAP?
Ivan Kalik
Kalik Informatika ISP
Dana 31/1/2008, Joakim Lindgren [EMAIL PROTECTED] piše:
Hi all, thanks for your explanation earlier!
I need your help with EAP-TTLS and PAP. I have
Hi again and thanks,
EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
outer tunnel but it will not work.
EAP-TTLS/PAP ended
A. If an incoming user conn. against the FreeRadius Server (Nr1) is
belonging to OTHER (LOCAL) domain then
the EAP-TTLS tunnel is ended and validated
18 matches
Mail list logo