I enabled MS-CHAP on the radius whereby the request is to be proxied to. Using the configuration mentioned in http://lists.freeradius.org/pipermail/freeradius-users/2008-February/069292.html as a guide, I was able to configure the radius to proxy the request as plain MS-CHAP however encounter some problems when the response is returned.
Will address this in a separate message as the subject is no longer appropriate. Regards, Ryan On Mon, Mar 24, 2008 at 10:30 AM, Ryan <[EMAIL PROTECTED]> wrote: > Ok, thanks for pointing this out. > > I suppose I will have to either enable EAP on the radius for the EAP > request to be proxied or have MSCHAP configured on it. Though using > EAP will means I need to recompile the radius as I'm using the source > packages. The radius that I need to proxy to runs 1.1.7 with LDAP. > > Do you have any advise on which will be a better approach? > > Thanks/Regards, > Ryan > > > You can't do that. Inner tunnel for PEAP is EAP-MSCHAPv2 and you can > > proxy that. You can't transform that into PAP. If you have a look at > > the thread you have quoted you will see that his users were using > > EAP-TTLS PAP not PEAP. > > > > Ivan Kalik > > Kalik Informatika ISP > > > > > > Dana 22/3/2008, "Ryan" <[EMAIL PROTECTED]> pi?e: > > > > >Sorry for being not specific enough. Was thinking of understanding how > > >it works and then figure out the configuration myself. > > > > > >Basically I need to terminate a request that uses EAP/PEAP on the main > > >radius and proxy the request to an inner radius server for > > >authentication using PAP. What will I need to configure in order to > > >get it forwarded correctly? > > > > > >Thanks/Regards, > > >Ryan > > > > > >Ryan wrote: > > >> Just read through some of the messages available on proxy tunneling. > > >> I'm currently using 2.0.2 and read through the examples on inner > > >> tunnel which seems to be able to do what I need. Can someone help by > > >> providing more details on how it actually works? > > > > > > PEAP authentication is really SSL + authentication inside of the SSL > > >tunnel. So... the server handles authentication "outside" of the > > >tunnel, and authentication "inside" of the tunnel as independent > > >authentications. > > > > > > Do you have *specific* questions? Asking "how does it work" is rather > > >open-ended. > > > > > > Alan DeKok. > > >- > > >List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
