Have a go hero – testing proxying of EAP authentication
Test the proxying of EAP authentication between my-org.com and your-org.com by doing the same set of tests that was listed in the table earlier. You will notice that the reply AVPs will be missing when running tunneled EAP methods. To enable the return of reply AVPs in these EAP methods, be sure to change the following directive in the peap and ttls sections inside the eap.conf file located under the FreeRADIUS configuration directory from use_tunneled_reply = no to use_tunneled_reply = yes.
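A quick way to confirm that both sections were actually changed, as an added example that is not part of the original text or of FreeRADIUS itself. The function names and the sample configuration are constructed for illustration, and the check assumes that a missing directive means tunneled replies are not enabled.

```python
import re

# Constructed sample in the layout of a FreeRADIUS eap.conf (not a real site's file).
SAMPLE_EAP_CONF = """
eap {
    default_eap_type = md5
    ttls {
        # use_tunneled_reply = yes   (commented out, must be ignored)
        use_tunneled_reply = no
    }
    peap {
        use_tunneled_reply = yes
    }
}
"""

def tunneled_reply_settings(conf_text):
    """Return {'peap': value, 'ttls': value}; None if the directive is absent."""
    found = {"peap": None, "ttls": None}
    stack = []  # names of the sections currently open
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        opened = re.fullmatch(r"([\w-]+)(?:\s+[\w-]+)?\s*\{", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}":
            if stack:
                stack.pop()
        else:
            m = re.fullmatch(r"use_tunneled_reply\s*=\s*\"?(\w+)\"?", line)
            # Count the directive only directly inside eap { peap { } } or eap { ttls { } }.
            if m and len(stack) == 2 and stack[0] == "eap" and stack[1] in found:
                found[stack[1]] = m.group(1).lower()
    return found

def sections_dropping_reply_avps(conf_text):
    """Sections where reply AVPs from the tunnel will not be returned."""
    settings = tunneled_reply_settings(conf_text)
    return sorted(s for s, v in settings.items() if v != "yes")

if __name__ == "__main__":
    for section in sections_dropping_reply_avps(SAMPLE_EAP_CONF):
        print(f"{section}: set use_tunneled_reply = yes")
```

To check a live server, pass the contents of the eap.conf file from your FreeRADIUS configuration directory instead of the sample string.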
Note
The proxying of tunneled EAP methods never exposes the user details and passwords located inside the tunnel to the RADIUS servers that forward the request. This is more secure than other authentication protocols like PAP.
Removing and replacing reply attributes
Since you have no control over the AVPs that are returned from an external home server, it is simply good practice to manage these attributes and their values after they are returned...