Bob McCormick <[EMAIL PROTECTED]> wrote:
> Sorry, I guess my description was a little vague. I want to handle on
> EAP types on the proxy radius server, but send the inner MS-CHAP
> request to another radius server.

OK..

> PEAP is the only one listed in my config right now just because it's
> the only one I've been testing with (I'm trying to follow your advice
> actually

Don't listen to *everything* I say...

> and keep the config as simple as I can).

That's a good idea, though.

So the issues are:

a) somehow tell tunneled sessions from non-tunneled sessions
b) proxy tunneled sessions
c) don't proxy non-tunneled sessions

Requests inside of the tunnel have "FreeRADIUS-Proxied-To = 127.0.0.1"
set. Requests outside of the tunnel don't have that attribute at all.

So you should be able to do:

#---
# !* matches when the attribute is absent (the value is ignored)
DEFAULT FreeRADIUS-Proxied-To !* 127.0.0.1, Proxy-To-Realm := LOCAL
#---

i.e. for requests outside of the tunnel, force them to be handled locally.

#---
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "foo.com"
#---

i.e. for requests inside of the tunnel, force them to be proxied to "foo.com".

Alan DeKok.
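
A simplified model of how the two DEFAULT entries above route a request, as an added example that is not part of the original message and not FreeRADIUS code. It assumes first-match evaluation with no Fall-Through, models only the `=*` (attribute present), `!*` (attribute absent) and `==` check operators, and uses constructed sample requests; `check`, `route`, `RULES` and `SWAPPED` are hypothetical names.

```python
# Simplified model of first-match evaluation of `users` file DEFAULT entries.
# Not FreeRADIUS code; only the three check operators used here are modelled.

ATTR = "FreeRADIUS-Proxied-To"

def check(op, attr, value, request):
    """Evaluate one check item against a request (dict of attribute -> value)."""
    if op == "=*":   # matches when the attribute is present (value ignored)
        return attr in request
    if op == "!*":   # matches when the attribute is absent (value ignored)
        return attr not in request
    if op == "==":   # matches when the attribute is present and equal
        return request.get(attr) == value
    raise ValueError(f"unsupported operator: {op}")

# (check items, realm assigned through Proxy-To-Realm), in file order.
RULES = [
    ([("!*", ATTR, "127.0.0.1")], "LOCAL"),
    ([("==", ATTR, "127.0.0.1")], "foo.com"),
]

# Same entries, but with "=*" on the first one, to show why the operator matters.
SWAPPED = [([("=*", ATTR, "127.0.0.1")], "LOCAL")] + RULES[1:]

def route(request, rules=RULES):
    """Return the realm from the first entry whose check items all match."""
    for checks, realm in rules:
        if all(check(op, a, v, request) for op, a, v in checks):
            return realm
    return None  # no entry matched, so Proxy-To-Realm is never set

# Constructed sample requests (attribute values are illustrative only).
OUTER = {"User-Name": "anonymous", "EAP-Message": "0x0201"}
INNER = {"User-Name": "bob", "MS-CHAP-Challenge": "0x1122", ATTR: "127.0.0.1"}

if __name__ == "__main__":
    print("outer  ->", route(OUTER))            # handled locally
    print("inner  ->", route(INNER))            # proxied to foo.com
    print("inner, =* first ->", route(INNER, SWAPPED))  # caught by LOCAL entry
    print("outer, =* first ->", route(OUTER, SWAPPED))  # matches nothing
```

With `=*` on the first entry the inner MS-CHAP request is pinned to LOCAL and never reaches the home server, while the outer request matches neither entry.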

