Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | ###################################################################### |
| 3 | # |
| 4 | # This is a virtual server that handles *only* inner tunnel |
| 5 | # requests for EAP-TTLS and PEAP types. |
| 6 | # |
| 7 | # $Id$ |
| 8 | # |
| 9 | ###################################################################### |
| 10 | |
| 11 | server proxy-inner-tunnel { |
| 12 | |
| 13 | # |
| 14 | # This example is very simple. All inner tunnel requests get |
| 15 | # proxied to another RADIUS server. |
| 16 | # |
| 17 | authorize { |
| 18 | # |
| 19 | # Do other things here, as necessary. |
| 20 | # |
| 21 | # e.g. run the "realms" module, to decide how to proxy |
| 22 | # the inner tunnel request. |
| 23 | # |
| 24 | |
| 25 | update control { |
| 26 | # You should update this to be one of your realms. |
| 27 | Proxy-To-Realm := "example.com" |
| 28 | } |
| 29 | } |
| 30 | |
| 31 | authenticate { |
| 32 | # |
| 33 | # This is necessary so that the inner tunnel EAP-MSCHAPv2 |
| 34 | # method can be called. That method takes care of turning |
| 35 | # EAP-MSCHAPv2 into plain MS-CHAPv2, if necessary. |
| 36 | eap |
| 37 | } |
| 38 | |
| 39 | post-proxy { |
| 40 | # |
| 41 | # This is necessary for LEAP, or if you set: |
| 42 | # |
| 43 | # proxy_tunneled_request_as_eap = no |
| 44 | # |
| 45 | eap |
| 46 | } |
| 47 | } |