[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Proxy CHAP into EAP session
From:       Alan Buxey <alan.buxey () gmail ! com>
Date:       2017-09-22 18:50:04
Message-ID: CAOVYXj-tYXBJ=_YEZjha2NM=gW7GNqqynKRxFNZ3n-fr+QibsA () mail ! gmail ! com
[Download RAW message or body]

With PAP this can be done.... You can take the request then send it on via
external client in whatever form you want eg PEAP, capture the result and
send back relevant access accept or reject to the original NAS/client

I had to engineer such a thing for a previous client

But it's seriously nasty really.

alan



On 22 Sep 2017 7:41 pm, "Jonathan" <huffelduffel@gmail.com> wrote:

> I can also receive PAP (cleartext) and convert it.
>
> The problem I have is that the secondary backend only supports RADIUS EAP
> messages and it cannot be changed while the NAS doesn't support EAP
> messages..., so i need to somehow broker between the two.
>
> How could i tunnel CHAP inside of EAP-TTLS, that would be very useful.
>
> Can i do this somehow by calling / using radeapclient? even though i would
> need to catch the responses from radeapclient back...
>
>
> On Fri, Sep 22, 2017 at 8:20 PM, Alan DeKok <aland@deployingradius.com>
> wrote:
>
> > On Sep 22, 2017, at 1:54 PM, Jonathan <huffelduffel@gmail.com> wrote:
> > >
> > > I'm looking for a way on how to proxy / recreate a session into an EAP
> > > session.
> > >
> > > STEPS
> > > 1
> > > normal RADIUS session with CHAP password
> > > Received by RADIUS server1
> > >
> > > 2
> > > RADIUS server1 converts/proxies it into a second RADIUS request but as
> an
> > > EAP session towards a RADIUS server2 which handles the full request.
> >
> >   It's not possible.
> >
> >   It may be theoretically possible to convert CHAP to EAP-MD5, but that
> > isn't very useful.
> >
> >   It may also be theoretically possible to tunnel CHAP inside of
> EAP-TTLS,
> > but that also isn't useful.  And FreeRADIUS can't do it.
> >
> >   The better question is why are you trying to do this?
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]