> [ EAP-TTLS tunnelled PAP to one backend, EAP-TTLS tunnelled MSCHAPv2 > to other backend. What to do with EAP-TTLS tunnelled EAP-MSCHAPv2. ]
Finally, I managed to find a not-so-elegant workaround. The EAP-TTLS tunnelled MSCHAPv2 can be detected with MS-CHAP-Challenge=/.+/. That can be proxied to Windows RADIUS servers. All others are proxied without TTLS to next RADIATOR servers. There I can differ PAP and EAP-MSCHAPv2. The latter I need to transfer to regular MSCHAPv2 that I can proxy to Windows RADIUS servers. It still puzzles me why I failed to do that with the RADIATOR terminating the TTLS. It may be due the PEAP section in the same configuration. Perhaps the inner authentication was either pushed to wrong handler or couldn't find a matching handler at all. Cheers, Matti _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
