Thanks for your reply. I've put some comments in-line. I can understand what you are saying but don't know how to configure the local radius to proxy just the tunnel.
Mark On Wed, 16 Mar 2005 13:16:56 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote: > Mark <[EMAIL PROTECTED]> wrote: > > The problem is that I need access to the "real" username in the PEAP > > tunnel on the proxy server. So I would like to establish the tunnel > > using the local server and only once the tunnel has been created (and > > I have access to the username in it) do the requests get sent to the > > remote server so that I can authenticate against the user data on the > > remote server. > > That should work. > > > I have seen the comment in the proxy.conf file about adding a DEFAULT > > EAP-Type == PEAP, Proxy-ToRealm := LOCAL. > > Under certain circumstances. > > > If I added this line no PEAP requests were forwarded to the remote > > server. > > Did you tell FreeRADIUS to proxy *anything* to the remote server? > > I think you're not clear on what you want. > > a) establishing the tunnel on the local server means that > the remote server NEVER sees PEAP OK I can see why that would be the case. > b) establishing the tunnel on the local server means that > you have to tell the local server to NOT proxy the PEAP session OK > c) having the home server perform the authentication means that > you have to configure the local server to proxy the tunneled > portion of the PEAP session. How do I do this? > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
