Mark <[EMAIL PROTECTED]> wrote: > I did as you suggested and managed to get just the tunnel proxied by > adding the line > "DEFAULT EAP-Type == MS-CHAP-V2, Proxy-To-Realm := mydomain" > and setting proxy_tunneled_request_as_eap = no in the peap section of > eap.conf. > > Is this the way you would suggest to do it?
It should work. > I envisage it will cause me problems if I want to do MS-CHAP-V2 and > not proxy it. How do I get around that? EAP-MSCHAP-V2 is not the same as MSCHAPv2. > Also it doesn't cope with multiple realms and I am likely to have > multiple realms configured. How can I set the realm to proxy to at run > time? You can use the Proxy-To-Realm attribute. Proxy-To-Realm := "foo.com" > PEAP tunnel will be proxied to "realm" if username is of the form > [EMAIL PROTECTED] but otherwise authenticated locally. TLS part of PEAP > always occurs on the local server. Multiple realms may be configured. It should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html