[RADIATOR] EAP-TTLS: How to forward inner requests to different backends depending on the inner authentication?

Matti Saarinen mjsaarin at cc.helsinki.fi
Thu Jan 16 06:12:06 UTC 2020

Heikki Vatiainen wrote:

> My suggestion is this:
> <Handler TunnelledByTTLS=1, ExistsInRequest=EAP-Message>
>   # Send EAP to Windows
> </Handler>
> <Handler TunnelledByTTLS=1>
>   # Handle non-EAP here
> </Handler>

Thanks. That pointed me to the right direction.

It appears, that in our case the MSCHAPv2 part didn't have any EAP
headers. So, instead I used MS-CHAP-Challenge=/.+/. That worked.

For some reason, I haven't managed to get TTLS+EAP-MSHCAPv2 working so
far . I've yet to debug this further. Luckily, very small part (if any)
of our users use that combination



More information about the radiator mailing list