freeradius


how to configure FreeRADIUS to proxy the PAP request inside an EAP-TTLS tunnel


how can I configure FreeRADIUS to proxy the PAP request inside an EAP-TTLS tunnel?
Client sends a EAP-TTLS with PAP as inner protocol to freeradius server. I want to proxy the PAP request to another RADIUS server which understands only PAP. How could I configire freeradius for this.
Ensure in the eap module configuration
proxy_tunneled_request_as_eap = no
Configure your proxy realm in proxy.conf
Set proxy realm in inner server
update control {
Proxy-To-Realm := <realm>
}
Just putting the solution steps in case someone needs it.
Add realm in proxy conf file (/sbin/proxy.conf):
realm MYAUTH {
type = radius
authhost = Radius_server_IP:Port]
secret = RadiusSharedSecret
nostrip
}
Modify virtual server information in /etc/raddb/mods-enabled/eap.conf:
ttls{
.........
.........
virtual_server = "proxy-inner-tunnel"
}
In /etc/raddb/sites-enabled creates a softlink
proxy-inner-tunnel pointing to /etc/raddb/sites-available/proxy-inner-tunnel.
Modify proxy-inner-tunnel to add the proxy realm:
authorize {
update control {
&Proxy-To-Realm := "MYAUTH"
}
}

Related Links

freeRadius, dynamic clients with 32 bit integer mask
how to configure FreeRADIUS to proxy the PAP request inside an EAP-TTLS tunnel
Unable to authorize on FreeRADIUS
how can I configure FreeRADIUS to proxy the PAP request inside an EAP-PEAP-GTC tunnel?
Configure FreeRADIUS to only support EAP TTLS PAP
Freeradius V3 meta-attributes. Check item attributes
Freeradius Crypt-Password authentication
How to get User-Password in inner tunnel from iOS
freeRadius using EAP with custom auth script
How do I validate different users for different SSIDs on a FreeRADIUS server?
FreeRADIUS - how to create a profile for two differnet NAS
Free Radius - Session Timeout, Idle Timeout (disconnecting idle users)
Error from FreeRadius3: No dictionary definition for EAP method md5
Freeradius Unlang Checks against user file
running freeradius on ubuntu 12.04 LTS fails
How to configure a freeradius server to require NAS-IP-Address attribute?

Categories

HOME
svn
openxml
livecode
workflow
softlayer
operating-system
message-queue
braintree
mongoid
jersey-2.0
gallery
visualforce
clone
ag-grid
scheduler
elastic-load-balancer
locationmanager
sonata
complexity-theory
heap-dump
vertica
checkout
coroutine
salt-cloud
android-custom-view
social-tables
coreldraw
fido-u2f
websphere-portal
jpa-2.1
web-config-transform
xdebug
spring-annotations
cube
windowsiot
quick-nimble
winrm
char-pointer
pdfnet
spinner
nsuserdefaults
cordys-opentext
jslint
xvfb
jade4j
ms-dos
mv
strapi
sbjson
imgur
distributed-caching
morphline
ssi
non-linear-regression
karabiner
sigsegv
android-sharing
gtk#
nivo-slider
network-protocols
oid
tablespace
jsonix
mathjs
bilinear-interpolation
visual-studio-monaco
svnserve
mathml
jemdoc
fdt
xcopy
persistent-object-store
ajax4jsf
linuxbrew
featuretoggle
algebraixlib
unidata
uno
back
object-code
nidaqmx
map
django-settings
apache-shindig
mute
sql-view
node.js-stream
rikulo
android-authenticator
user-forums
audiotoolbox
trialware
series-40
fitch-proofs
exponent
dropshadow
delphi-prism
groovy-console
server-variables
winsxs
nosetests
hungarian-notation
activestate
motif
regioninfo

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App