Hi Stephan,

> On 2 Oct 2017, at 13.48, <[email protected]> <[email protected]> wrote:
>
> I saw the disclaimer saying EAP_MSCHAPv2_UseMultipleAuthBys should be
> avoided, but instead try to use EAP_PEAP_MSCHAP_Convert.
> What would normally be the recommended situation to use the
> EAP_PEAP_MSCHAP_Convert at?
>

When you are proxying requests to a RADIUS server which does not support EAP-MSCHAPv2 but can still handle ordinary RADIUS-MSCHAPV2.

http://www.open.com.au/radiator/ref/EAP_PEAP_MSCHAP_Convert.html#EAP_PEAP_MSCHAP_Convert

Currently, EAP_MSCHAPv2_UseMultipleAuthBys is a kind of a workaround, but should not be needed in the future.

>
> Since we share our infrastructure, we use a proxy RADIUS server (also
> radiator) in order to forward the requests to the customer network for
> request handling. Would the best practice generally be to use the convert
> part at the proxy or on the validating RADIUS server?
>

To do the conversion at the proxying RADIUS server.

BR
--
Tuure Vartiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
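An added example, not part of the original message and not Radiator's own code: what converting an inner EAP-MSCHAPv2 response into ordinary RADIUS-MSCHAPV2 attributes involves, using the field layouts from draft-kamath-pppext-eap-mschapv2 and RFC 2548. The function names and the sample packet are constructed for this illustration.

```python
import struct

VENDOR_MICROSOFT = 311                           # RFC 2548 vendor id
MS_CHAP_CHALLENGE, MS_CHAP2_RESPONSE = 11, 25    # RFC 2548 vendor types
HDR = "!BBHBBBHB"  # Code, Id, Length, Type, OpCode, MS-CHAPv2-ID, MS-Length, Value-Size

def parse_eap_mschapv2_response(pkt: bytes) -> dict:
    """Parse the inner EAP-MSCHAPv2 Response carried inside the PEAP tunnel."""
    if len(pkt) < 59:
        raise ValueError("too short for an EAP-MSCHAPv2 Response")
    code, _, length, eap_type, opcode, ms_id, ms_len, vsize = struct.unpack(HDR, pkt[:10])
    if (code, eap_type, opcode) != (2, 26, 2):   # EAP Response, type 26, OpCode Response
        raise ValueError("not an EAP-MSCHAPv2 Response")
    if length != len(pkt) or ms_len != length - 5 or vsize != 49:
        raise ValueError("inconsistent length fields")
    value = pkt[10:59]  # Peer-Challenge(16) Reserved(8) NT-Response(24) Flags(1)
    return {"ident": ms_id, "peer_challenge": value[:16],
            "nt_response": value[24:48], "flags": value[48], "name": pkt[59:]}

def vsa(vendor_type: int, data: bytes) -> bytes:
    """Encode one Microsoft Vendor-Specific attribute (RADIUS attribute 26)."""
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", 26, len(sub) + 6, VENDOR_MICROSOFT) + sub

def convert(pkt: bytes, auth_challenge: bytes) -> dict:
    """Map the EAP fields onto ordinary RADIUS MS-CHAPv2 attributes.

    auth_challenge is the 16-byte challenge the converting server itself sent
    in its EAP-MSCHAPv2 Challenge, so it must be kept per session.
    """
    if len(auth_challenge) != 16:
        raise ValueError("authenticator challenge must be 16 bytes")
    r = parse_eap_mschapv2_response(pkt)
    body = (bytes([r["ident"], r["flags"]]) + r["peer_challenge"]
            + bytes(8) + r["nt_response"])
    return {"User-Name": r["name"],
            "MS-CHAP-Challenge": vsa(MS_CHAP_CHALLENGE, auth_challenge),
            "MS-CHAP2-Response": vsa(MS_CHAP2_RESPONSE, body)}

def sample_response() -> bytes:
    """Constructed packet: counting bytes stand in for real challenge/response."""
    value = bytes(range(16)) + bytes(8) + bytes(range(100, 124)) + b"\x00"
    name = b"alice"
    length = 10 + len(value) + len(name)
    return struct.pack(HDR, 2, 7, length, 26, 2, 7, length - 5, 49) + value + name

if __name__ == "__main__":
    for attr, raw in convert(sample_response(), b"\xaa" * 16).items():
        print(attr, raw.hex())
```

The resulting request carries no EAP-Message at all, which is why a downstream server that only understands RADIUS-MSCHAPV2 can validate it.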
