[RADIATOR] EAP-TTLS: How to forward inner requests to different backends depending on the inner authentication?
Matti Saarinen
mjsaarin at cc.helsinki.fi
Thu Jan 16 06:12:06 UTC 2020
Heikki Vatiainen wrote:
> My suggestion is this:
>
> <Handler TunnelledByTTLS=1, ExistsInRequest=EAP-Message>
> # Send EAP to Windows
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> # Handle non-EAP here
> </Handler>
Thanks. That pointed me to the right direction.
It appears, that in our case the MSCHAPv2 part didn't have any EAP
headers. So, instead I used MS-CHAP-Challenge=/.+/. That worked.
For some reason, I haven't managed to get TTLS+EAP-MSHCAPv2 working so
far . I've yet to debug this further. Luckily, very small part (if any)
of our users use that combination
Cheers,
Matti
More information about the radiator
mailing list