John Gammons wrote: > After doing some more digging, I think I am catching onto this... somewhat. > > It sounds like I need to have the Radius Proxy, authenticate the Outer > Identity of the EAP-TTLS session locally, while the Inner Identity is > proxied to the Home Radius server.
Yes. > I have setup the Outer identity to be anonym...@outer which is proxied > to LOCAL, Er... no. Don't proxy it. > while the Inner identity is @inner and proxied to Home > Radius. The problem is that when I run radiusd -x, I never see the > @outer message, so the @inner is getting forwarded as an EAP, instead > of only as a MS-CHAP-V2. See eap.conf, proxy_tunneled_request_as_eap. > Anyone know what I am overlooking? I have a crude understanding of > this entire process at best, I know. :) See doc/aaa.txt for a simple introduction to the process. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
