Hi Alan I did as you suggested and managed to get just the tunnel proxied by adding the line "DEFAULT EAP-Type == MS-CHAP-V2, Proxy-To-Realm := mydomain" and setting proxy_tunneled_request_as_eap = no in the peap section of eap.conf.
Is this the way you would suggest to do it? I envisage it will cause me problems if I want to do MS-CHAP-V2 and not proxy it. How do I get around that? Also it doesn't cope with multiple realms and I am likely to have multiple realms configured. How can I set the realm to proxy to at run time? This is what I would like to do: Server configured to do TLS and PEAP authentication. PEAP tunnel will be proxied to "realm" if username is of the form [EMAIL PROTECTED] but otherwise authenticated locally. TLS part of PEAP always occurs on the local server. Multiple realms may be configured. Many thanks. Mark On Thu, 17 Mar 2005 12:43:35 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote: > Mark <[EMAIL PROTECTED]> wrote: > > Thanks for your reply. I've put some comments in-line. I can > > understand what you are saying but don't know how to configure the > > local radius to proxy just the tunnel. > > Run the server in debugging mode to see how it processes the PEAP > request, and the tunneled request. Write entries in the "users" file > to match the tunneled request, and proxy it. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html