freeradius-proxy + PAP works, PEAP and the rest doesn't

Alan DeKok aland at deployingradius.com
Thu Jul 3 17:40:08 CEST 2008


uni at christiankraus.de wrote:
> Well, what do I want?
> 
> - External users should be able to log in on WLAN via 802.1X with
> MSCHAPv2/PEAP in Windows XP.

  That's relatively easy.  In 2.0, just install it, configure a
user/password (see the FAQ), start it in debug mode as root, and
un-check "validate server certificate" on the Windows box.

> When using local radtest to verify the user, everything looks okay. But as
> soon as I take a Windows client, properly configured, or the radeapclient, it
> doesn't work.
> 
> Here is the output from radius -X.
> It is 1.1.7, but the same errors occur on version 2.0.5:

  Don't run 1.1.7.  Honest.

> #/This message appears about 2000+ times

  <shrug>  It's 1.1.7.

> rad_recv: Access-Reject packet from host 139.212.22.110:1812, id=1,
> length=40
> Reply-Message = "Request Denied"
> Proxy-State = 0x3931

  So... the home server is rejecting the user.

  Have you run the home server in debug mode to see what it's doing, and
why it's rejecting the request?  If not, why not?  Is it even FreeRADIUS?

  My guess is that the home server cannot do EAP.  If so, why are you
"going crazy with freeradius"?  You're blaming the proxy for the actions
of the home server.

  Go fix the home server to do EAP.  If you can't make it do EAP, throw
it away, and replace it with FreeRADIUS.

  Alan DeKok.
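
Added example (not part of the original message and not FreeRADIUS code): a small parser run over a constructed 40-byte Access-Reject with the same id, Reply-Message and Proxy-State as the debug output above, checking whether the reject carries an EAP-Message attribute. An EAP-aware server normally ends a failed conversation with an EAP-Failure inside EAP-Message (RFC 3579), so its absence is a hint, not proof, that the home server never processed EAP. The all-zero authenticator and all function names are assumptions for illustration.

```python
import struct

# Attribute and code numbers from RFC 2865 / RFC 3579.
ATTRS = {18: "Reply-Message", 33: "Proxy-State", 79: "EAP-Message", 80: "Message-Authenticator"}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}


def parse_radius(packet: bytes):
    """Return (code name, id, [(attr name, value bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the data")
    attrs, pos = [], 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((ATTRS.get(atype, f"Attr-{atype}"), packet[pos + 2:pos + alen]))
        pos += alen
    return CODES.get(code, f"Code-{code}"), ident, attrs


def reject_without_eap(packet: bytes) -> bool:
    """True when an Access-Reject carries no EAP-Message attribute."""
    code, _, attrs = parse_radius(packet)
    return code == "Access-Reject" and all(name != "EAP-Message" for name, _ in attrs)


def build(code, ident, attrs):
    """Build a constructed test packet with an all-zero authenticator (assumption)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


# Constructed sample matching the debug output: id=1, length=40.
SAMPLE = build(3, 1, [(18, b"Request Denied"), (33, bytes.fromhex("3931"))])
# Constructed contrast: a reject carrying EAP-Failure (EAP code 4, id 1, length 4).
EAP_REJECT = build(3, 1, [(79, bytes([4, 1, 0, 4])), (80, bytes(16))])

if __name__ == "__main__":
    print(parse_radius(SAMPLE))
    print("reject without EAP-Message:", reject_without_eap(SAMPLE))
```
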


