Freeraius vs NPS
Alan DeKok
aland at deployingradius.com
Fri May 5 13:36:35 CEST 2017
On May 4, 2017, at 11:48 PM, Martin, Jeremy <jmartin at emcc.edu> wrote:
>
> I would like to thank everyone for there time, looks like we are going to have to stick with NPS as it seem to be the product that supports the solution that returns whatever needs to be returned back to the switch. In this particular case though nothing to do with MS-CHAP its all MD5 based.
If it's EAP-MD5, then there is *nothing* in the packets which can cause this behaviour. EAP-MD5 simply doesn't support that functionality.
And the packet traces you posted are unhelpful. For one, they contain tons of non-EAP / non-RADIUS traffic. There's no reason to send ARP captures to this list.
For two, they contain *both* EAPoL and RADIUS traffic. This doesn't make sense. If you're authenticating an end device, it should NEVER get RADIUS traffic.
And the only EAP traffic is Identity request / response packets. And the only RADIUS traffic is Access-Reject.
Nothing about that traffic makes any sense whatsoever.
Something else is going on.
Alan DeKok.
More information about the Freeradius-Users
mailing list