postproxy breaks eap authentication
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 17 14:23:09 CET 2010
On 17/11/10 12:31, hans.bornemann at tu-dortmund.de wrote:
> Hi,
>
> I have 2 freeradius server: 1 as proxy server, 1 as authentication
> server. Everything is working fine (Auth. for WPA2, MSCHAPv2 ) until I
> implement the postproxy function:
Post the debugging output, as advised frequently on this list:
radiusd -X | tee log
> post-proxy {
>
> post_proxy_log
>
> #attr_rewrite
>
> attr_filter.post-proxy
You're probably filtering the EAP-Message and other required attributes out.
> /etc/freeradius/attrs:
>
> tu-dortmund.de
> Tunnel-Private-Group-ID :=8,
> Fall-Through = Yes
>
> DEFAULT
> Tunnel-Type := VLAN,
> Tunnel-Medium-Type := IEEE-802
This filter is insufficient. Please study the examples - you need at least:
Reply-Message =* ANY,
Proxy-State =* ANY,
EAP-Message =* ANY,
Message-Authenticator =* ANY,
MS-MPPE-Recv-Key =* ANY,
MS-MPPE-Send-Key =* ANY,
MS-CHAP-MPPE-Keys =* ANY,
State =* ANY
...to be sure of EAP working.
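
The check described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a small Python linter that reports which of the listed attributes an attr_filter file would not pass for a given realm. The function names (parse_attrs, missing_for) are hypothetical, the sample filter is constructed from the one quoted in the thread, and the matching model is a simplifying assumption: entries whose name equals the realm or DEFAULT are applied in file order, continuing only while Fall-Through = Yes.

```python
import re

# Attributes the reply lists as the minimum for EAP to survive the filter.
REQUIRED = ["Reply-Message", "Proxy-State", "EAP-Message",
            "Message-Authenticator", "MS-MPPE-Recv-Key", "MS-MPPE-Send-Key",
            "MS-CHAP-MPPE-Keys", "State"]
RULE = re.compile(r"^([A-Za-z0-9-]+)\s*(:=|=\*|==|=~|!\*|!=|!~|>=|<=|=|>|<)\s*(.*)$")

def parse_attrs(text):
    """Return [(entry_name, [attribute, ...], fall_through)] in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts an entry
            entries.append([line.strip(), [], False])
            continue
        m = RULE.match(line.strip().rstrip(","))
        if not m or not entries:
            continue
        attr, _op, value = m.groups()
        if attr == "Fall-Through":
            entries[-1][2] = value.strip().lower() == "yes"
        else:
            entries[-1][1].append(attr)
    return [tuple(e) for e in entries]

def missing_for(entries, realm):
    """Required attributes that no applicable entry lists (assumed model)."""
    allowed = set()
    for name, attrs, fall_through in entries:
        if name not in (realm, "DEFAULT"):
            continue
        allowed.update(attrs)
        if not fall_through:
            break
    return [a for a in REQUIRED if a not in allowed]

# Constructed sample: the filter quoted in the thread, re-indented.
POSTED = """tu-dortmund.de
    Tunnel-Private-Group-ID :=8,
    Fall-Through = Yes
DEFAULT
    Tunnel-Type := VLAN,
    Tunnel-Medium-Type := IEEE-802
"""
# Same filter with the reply's lines appended to the DEFAULT entry.
FIXED = POSTED.rstrip() + ",\n" + "".join(f"    {a} =* ANY,\n" for a in REQUIRED)
print("posted filter drops:", missing_for(parse_attrs(POSTED), "tu-dortmund.de"))
```

Running the same check against the real attrs file before enabling attr_filter.post-proxy shows whether EAP-Message, State and the MPPE keys would be stripped from proxied replies.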