Thanks for the tips guys. Been doing some more digging and learning a lot... but maybe I should take a step back here and explain what I am trying to accomplish....
My client "Ubiquity Nanostation" only supports EAP-TTLS MSCHAPv2. My NAS, only supports access-requests using PAP/CHAP passwords in clear-text. I am attempting to setup a "Radius Proxy" that terminates the EAP-TTLS outer, and takes MSCHAPv2 inner tunnel, and forwards a clear-text user/pass to the NAS for authentication. The more I read, the more I am getting the impression that this is not possible. Is that the case? John On Wed, Jan 6, 2010 at 3:43 PM, Alan DeKok <al...@deployingradius.com> wrote: > John Gammons wrote: >> After doing some more digging, I think I am catching onto this... somewhat. >> >> It sounds like I need to have the Radius Proxy, authenticate the Outer >> Identity of the EAP-TTLS session locally, while the Inner Identity is >> proxied to the Home Radius server. > > Yes. > >> I have setup the Outer identity to be anonym...@outer which is proxied >> to LOCAL, > > Er... no. Don't proxy it. > >> while the Inner identity is @inner and proxied to Home >> Radius. The problem is that when I run radiusd -x, I never see the >> @outer message, so the @inner is getting forwarded as an EAP, instead >> of only as a MS-CHAP-V2. > > See eap.conf, proxy_tunneled_request_as_eap. > >> Anyone know what I am overlooking? I have a crude understanding of >> this entire process at best, I know. :) > > See doc/aaa.txt for a simple introduction to the process. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html