On Thu, 2007-09-13 at 01:25 -0700, fuki wrote: > Hi > > At the moment I use FreeRADIUS to proxy eap peap mschapv2 request to a > RADIUS server for authentication. The connecting machine submits in addition > to the authentication information, some > information about it's health state encrypted in the PEAP packets. > > Is there a possibility to decrypt the packets on the FreeRADIUS Proxy, to > get the health state, and forward the PEAP packets for authentication to the > RADIUS server. Or in other words is there a possibility to determine the > TLS-Connection on the FreeRADIUS proxy and to forward the PEAP packets to > the RADIUS Server and how the FreeRADIUS proxy has to be configured?
You can certainly terminate the PEAP and still proxy the inner EAP-MSCHAP to another radius server; however as far as I am aware, FreeRadius doesn't yet have support for the various health state attributes, or for that matter >1 set of data inside the PEAP tunnel. In particular if you are talking about the Vista built-in health check packets, that uses PEAPv2 which FreeRadius doesn't support, and you won't be able to terminate. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
