(RADIATOR) PEAP config and proxying
Rute Sofia
rsofia at seas.upenn.edu
Mon Apr 14 07:22:45 CDT 2003
Hi,
I'm trying to use PEAP with radiator, under the following scenario (the
basic eap_peap config is working):
I want users within my domain mydomain.xpto to authenticate locally (for
now, a text file), and requests from users outside this domain, to be
forwarded to another server.
The radius.cfg I use is below. I'm having a problem with the
"anonymous" user: because it is not within my realm, the request is
forwarded by default to the central radius server and hence,
authentication gets rejected. How can I avoid this, what exactly am I
doing wrong?
Radius.cfg:
<Handler TunnelledByPEAP=1>
    <AuthBy FILE>
        # anonymous-PEAP must be in here:
        Filename /tmp/users
        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>
<Realm mydomain.xpto>
    <AuthBy FILE>
        Filename /tmp/users
        EAPType PEAP
        EAPTLS_CAFile /etc/radius/cert/demoCA/cacert.pem
        EAPTLS_CertificateFile /etc/radius/cert/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile /etc/radius/cert/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1024
        AutoMPPEKeys
    </AuthBy>
</Realm>
# proxies other requests
<Realm DEFAULT>
    <AuthBy RADIUS>
        Host central-radius.mydomain.xpto
        Secret xxxxxx
        AuthPort xxx
        Retries 3
    </AuthBy>
</Realm>
Regards,
Rute Sofia
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
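
Added example (not part of the original post and not Radiator's own code): a simplified Python model of the realm-based clause selection the post describes, showing why a realm-less outer identity such as "anonymous" lands in <Realm DEFAULT> and is proxied. Assumptions: the routing rule (realm is the text after '@', exact match first, then DEFAULT), the function names, and the sample identities are constructed for illustration; the config is trimmed from the post.

```python
import re

# Constructed sample: the Realm clauses from the post, trimmed to the lines that decide routing.
CONFIG = """
<Realm mydomain.xpto>
    <AuthBy FILE>
        Filename /tmp/users
        EAPType PEAP
    </AuthBy>
</Realm>
<Realm DEFAULT>
    <AuthBy RADIUS>
        Host central-radius.mydomain.xpto
    </AuthBy>
</Realm>
"""

def parse_realms(text):
    """Return {realm_name: [AuthBy types]} for each <Realm ...> clause."""
    realms, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"<Realm\s+(\S+)>", line)
        if m:
            current = m.group(1)
            realms[current] = []
        elif line == "</Realm>":
            current = None
        elif current is not None:
            m = re.fullmatch(r"<AuthBy\s+(\S+)>", line)
            if m:
                realms[current].append(m.group(1))
    return realms

def route(user_name, realms):
    """Simplified model (assumption): realm is the text after the last '@';
    an exact Realm match wins, otherwise DEFAULT; None if neither exists."""
    realm = user_name.rpartition("@")[2] if "@" in user_name else ""
    clause = realm if realm in realms else ("DEFAULT" if "DEFAULT" in realms else None)
    return clause, realms.get(clause, [])

if __name__ == "__main__":
    realms = parse_realms(CONFIG)
    # Constructed outer identities as they would appear in User-Name.
    for name in ["anonymous", "anonymous@mydomain.xpto", "alice@mydomain.xpto", "bob@elsewhere.example"]:
        clause, auth = route(name, realms)
        print(f"{name:26} -> Realm {clause} ({', '.join(auth)})")
```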