Proxying MS-CHAPv2

Norman Elton normelton at gmail.com
Thu Nov 2 14:32:37 CET 2017


We've been running FreeRADIUS for our wireless 802.1x infrastructure
for years, without problem (thanks!). FreeRADIUS basically proxies
back to our Windows NPS servers, then injects a VLAN assignment using
unlang on the Access-Accept.

Now we're deploying the same architecture for our wired
infrastructure. I've noticed that the authentication requests between
the FreeRADIUS servers and NPS for our wired infrastructure is all
EAP, which is getting rejected since our NPS servers are expecting
PEAP. I'm assuming I need to specifically tell FreeRADIUS that the
back-end authentication needs to take place over PEAP, but don't see
where that would be configured. It's basically the same config as our
wireless infrastructure, but in that case, PEAP/MS-CHAPv2 is
configured on the access points.

Am I missing something obvious here?

Thanks,

Norman Elton


More information about the Freeradius-Users mailing list