Bob McCormick <[EMAIL PROTECTED]> wrote: > I read the post quoted below, and it seemed to indicate that it should > be possible to get freeradius to handle PEAP or TTLS, and proxy the > inner MSCHAP request to another radius server. Has anyone ever got > this to work? I've tried, but I keep getting the following error > message: > > WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! > Cancelling invalid proxy request.
It's a warning, not an error. The way to get it to work is to configure the server to NOT proxy the outer session, but to proxy the inner session. This is another way: #--- DEFAULT FreeRADIUS-Proxied-To !* 127.0.0.1, Proxy-To-Realm := LOCAL DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm" #--- Which marks the outer session as always local, and the inner as always proxied. Configure it in a test system FIRST. Use a minimalist test system, which should make debugging much easier. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
