[EMAIL PROTECTED] wrote: > I'm not sure either. I think if I configured more than one modules > in the "authenticate" section, FreeRADIUS will call each > authenticate method sequentially. In this way we can make the > following modules to process the value pairs we put in TTLS code.
No. TTLS and PEAP do NOT do authentication. They *carry* an authentication method, and only one authentication method. > However, if this does not work, I think we can configure a "pure" > TTLS server and a normal FreeRADIUS server. The TTLS server just > extract the AVPs, put them in to RADIUS packets (maybe in > request->proxy?), and forward them to the FreeRADIUS server. I don't > know how to write the configuration file, but I think this is > possible. It's possible. What we can also do is to have TTLS and PEAP in the 'authorize' block, and have them decrypt data out of TTLS / PEAP, and add it to the REQUEST data structures. Other 'authorize' modules can then determine how/when to do authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
