Proxying authentication from FreeRadius to Cisco ACS
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Wed Jan 19 14:40:01 CET 2011
Hi,
as per message previously sent, 'eduroam' SSID must be all lowercase.
and thats a MUST. SSID are case sensitive...if you have Eduroam then all visiting clients
will need to be reconfigured to use it.
> Suse Linux 12. I am proxying authentication requests to a Cisco ACS. When
> testing using radtest from the FreeRadius box authentication is proxyed to
> ACS fine and i get an access-accept back. However when i try from a
> wireless client the proxy response from the ACS is an Access-Reject. In
> the failed attempts logs on the ACS it says bad username or password. i'm
> pretty sure im using the correct password. Is there any reason why this
> should not work? I've posted my logs below:-
> length=61
> Proxy-State = 0x323130
> EAP-Message = 0x04a00004
> Reply-Message = "Rejected\n\r"
> Message-Authenticator = 0xbcede120e168d2d92558e5f4ab8e03d5
check your ACS logs to find out why it went wrong - as thats the system that
decided that things werent right - FreeRADIUS is just a simple proxy in this
picture. I would assume that its something to do with the realm not being handled
correctly....you might need to strip or nostrip it (in proxy.conf) depending
on your ACS configuration and policy settings.
PS as per other response, signature seperator is '--' and please dont put legal
junk in your emails to public lists
alan
More information about the Freeradius-Users
mailing list