proxying request edition
Matthew Newton
mcn4 at leicester.ac.uk
Fri Apr 15 16:10:40 CEST 2016
On Fri, Apr 15, 2016 at 11:00:52AM -0300, Nicolas Guerra wrote:
> I have a router (openwrt) and the idea is that wifi authenticate using my
> radius server and my radius server proxy the request to other radius server
> (I can't get much info of this server).
OK.
> when I execute the command in my radius server:
>
> radtest <USER> <PASSWORD> localhost 0 testing123
...
> request that works is:
>
> (10) Sent Access-Request Id 192 from 0.0.0.0:52999 to
> <destination-radius-IP>:1812 length 92
> (10) User-Name = "USER"
> (10) User-Password = "PASSWD"
...
That is PAP.
> request that fails is:
>
> (11) Sent Access-Request Id 46 from 0.0.0.0:52999 to
> <destination-radius-IP>:1812 length 216
> (11) User-Name = "USER"
> (11) Called-Station-Id = "32-B5-C2-38-41-74:<WIFI-SSID>"
...
> (11) EAP-Message = 0x0291001101343137343233344066696e67
...
That is EAP.
> my question is:
> How can I modify the request received from router (openwrt) to make it looks
> like the working one?
You can't. Wireless uses EAP authentication, not plain PAP.
As you are proxying, you need to get the remote RADIUS server to
handle the correct EAP authentication for your device(s).
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list