Freeradius reply attribute problem when using PEAP

Terry Kantorowski terry.kantorowski at gmail.com
Fri Aug 8 18:30:44 CEST 2014


I'm trying to get Freeradius to authenticate wireless users. AVPs
don't pass when clients use PEAP even with tunneled reply on. If I force
the client to TTLS it works fine, passes AVPs everyones happy. Problem
is, windows android and ios all default to PEAP. Has anyone else run
into this? Any help is greatly appreciated.

Freeradius FreeRADIUS Version 3.0.3, for host
x86_64-unknown-linux-gnu, built on Jun  6 2014 at 13:18:16
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT

I have included ttls and peap settings of my eap file:

ttls {
tls = tls-common
default_eap_type = md5
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}

peap {
tls = tls-common
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}

Installed newer freeradius from source with same result:
FreeRADIUS Version 3.1.0 (git #9a810bd), for host
x86_64-unknown-linux-gnu, built on Aug  8 2014 at 11:53:47
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT


More information about the Freeradius-Users mailing list