PEAP mschapv2 Proxy not working.

Ivan Kalik tnt at kalik.net
Wed Feb 6 21:04:43 CET 2008 

Inner request for PEAP is EAP-MSCHAPv2 not MSCHAPv2.

Ivan Kalik
Kalik Informatika ISP


Dana 6/2/2008, "Andrew Olson" <anolson at exchange.vt.edu> piše:

>I got 2.0.1 patched, compiled and configured.  I'm still seeing the same
>behaving listed below.  Could it be something with my config.
>
>I'm simply doing:
>
>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
>
>
>Thanks,
>Andrew Olson
>
>
>
>Dmitry Sergienko wrote:
>> Hi!
>>
>> If you still have no luck with 1.1.7 proxying mschapv2, try to move to
>> 2.0.1 with patches in event.c discussed yesterday in freeradius-users.
>> I'm trying to do the same authentication - extract MS-CHAPv2 from PEAP
>> and authorize inner request against external RADIUS server. With 2.0.1
>> and a patch at least eapol_test passes authorization.
>>
>> Andrew Olson wrote:
>>> Hello,
>>>
>>> I'm having trouble getting freeradius-1.1.7 to proxy PEAP-mshcapv2 to
>>> another RADIUS server.  My other server doesn't do EAP, so I'm just
>>> sending mschapv2 achieved with proxy_tunneled_request_as_eap = no in
>>> eap.conf.
>>>
>>> When I proxy to my other server, I get back an Access-Accept packet.
>>> Then, freeradius sends an Access Challenge to the client, receives a
>>> response and then things appear to break.
>>>
>>> I am able to successfully authenticate users with PEAP by defining
>>> them locally in the users file.  Additionally, I have gotten TTLS to
>>> work by proxying to another server, it's just PEAP that I'm having
>>> problems with.
>>>
>>> The differing line in the debug seems to be:
>>> <proxied>
>>>   eaptls_process returned 7
>>>   rlm_eap_peap: EAPTLS_OK
>>>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>>>   rlm_eap_peap: EAP type mschapv2
>>>
>>> -vs-
>>>
>>> <non-proxied>
>>>
>>>   eaptls_process returned 7
>>>   rlm_eap_peap: EAPTLS_OK
>>>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>>>   rlm_eap_peap: Received EAP-TLV response.
>>>
>>>
>>> I'm running a pretty standard config, I think.  I can send copies of
>>> it, if that would help.
>>>
>>> Thanks,
>>> Andrew Olson
>>>
>>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list