FreeRadius proxy to MS-NPS for MSCHAPv2 authentication.
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 16 14:13:47 CEST 2012
On 16/05/12 12:16, Jan Hugo Prins wrote:
>
> Does anyone have an idea what problem I'm facing here?
Wild guess - set "copy_request_to_tunnel = yes" on your EAP method(s).
The outer packets contain (amongst others):
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "0023144E6060"
Called-Station-Id = "000B866DB51C"
Service-Type = Login-User
Framed-MTU = 1100
Aruba-Essid-Name = "BBTest"
Aruba-Location-Id = "d8:c7:c8:cb:67:0a"
Aruba-Attr-10 = 0x544330332d566c6f657232
Since you don't have "copy_request_to_tunnel" set, the inner, and thus
proxied, packets don't have these attributes.
From experience, NPS policies tend to match on these. Either configure
FreeRADIUS to send these attributes (by copying the from outer to inner)
or change your NPS policies to not look for them.
More information about the Freeradius-Users
mailing list