Mark <[EMAIL PROTECTED]> wrote:
> The problem is that I need access to the "real" username in the PEAP
> tunnel on the proxy server. So I would like to establish the tunnel
> using the local server and only once the tunnel has been created (and
> I have access to the username in it) do the requests get sent to the
> remote server so that I can authenticate against the user data on the
> remote server.
That should work.
> I have seen the comment in the proxy.conf file about adding a DEFAULT
> EAP-Type == PEAP, Proxy-ToRealm := LOCAL.
Under certain circumstances.
> If I added this line no PEAP requests were forwarded to the remote
> server.
Did you tell FreeRADIUS to proxy *anything* to the remote server?
I think you're not clear on what you want.
a) establishing the tunnel on the local server means that the remote server NEVER sees PEAP
b) establishing the tunnel on the local server means that you have to tell the local server to NOT proxy the PEAP session
c) having the home server perform the authentication means that you have to configure the local server to proxy the tunneled portion of the PEAP session.
Alan DeKok.