Joakim Lindgren wrote: > EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and > outer tunnel but it will not work.
<sigh>. Read the FAQ about "it doesn't work". > A. If an incoming user conn. against the FreeRadius Server (Nr1) is > belonging to "OTHER" (LOCAL) domain then > the EAP-TTLS tunnel is ended and validated against the LDAP. > > B. If an incoming user conn. against the FreeRadius Server (Nr1) is > belonging to "SECURSERVER" domain then > the EAP-TTLS tunnel is ended and PAP is proxied to other Radius (Nr 2) This is pretty trivial to do in 2.0.1. You can configure the policy pretty much as you wrote it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
