Proxying question for Eduroam
Peter Kruppa
Peter.Kruppa at phl.be
Thu Oct 14 09:35:04 CEST 2010
Hi all,
We use a freeradius proxy for proxying wireless PEAP requests to one of
our two domains (via IAS and NPS in the near future) or to the next
Eduroam proxy.
Visa versa PEAP requests send by our students at other schools are
forwarded to our freeradius proxy.
Everything seems to work when we use the wireless clients of Windows,
Mac OS 10, Linux, smartphones, etc...), but there is one scenario where
it won't work and what some schools use for testing.
I managed to reproduce that situation by using eapol_test, in that case
requests to IAS aren't logged and it never replies with a
Access-Challenge.
The versions of the software are:
FreeRADIUS 2.1.8+dfsg-1ubuntu1
OpenSSL 0.9.8k-7ubuntu8.3
Eapol_test from wpa_supplicant 0.7.3
The configuration is simple and transparant, we have some clients and
some proxies, on the base of the realm the request is proxied to the
next radius server, without termination of EAP at freeradius.
If EAP is the problem, I could terminate the EAP tunnel for our 2 domain
on freeradius, how should I do that? Do I need to use the inner-tunnel?
Or proxy-inner-tunnel (what about Proxy-To-Realm than because we have 2
domains)?
In any case I would like to use a method without using winbind.
Hope someone will give me a hint...
Best regards,
Peter Kruppa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101014/89b99537/attachment.html>
More information about the Freeradius-Users
mailing list