EAP-PEAP-MSCHAPv2 hack for FreeRADIUS 1.1.3<br>If anyone has been following the threads<br><a href="http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg30477.html">http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg30477.html
</a><br><a href="http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg22903.html">http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg22903.html</a><br>The solution was:<br>Edit:<br>freeradius-1.1.3/src/main/request_list.c<br>
Comment out line 321:<br>-----------------------------------------<br>proxy_ipaddr = listener->ipaddr;<br>change to<br>/*proxy_ipaddr = listener->ipaddr;*/<br>-----------------------------------------
<br>Comment out line 797:<br>request->proxy->src_ipaddr = proxy_ipaddr;<br>Change to<br>/*request->proxy->src_ipaddr = proxy_ipaddr;*/<br>----------------------------------------<br>Compile request_list.c<br>
make && make install<br>and we have FreeRADIUS 1.1.3 successfully authenticating:<br><br>Microsoft Windows Supplicant -------> Request--------> Proxy Server -------- MSCHAPv2------> Home Server
<br>(WPA1/TKIP/PEAP) (PEAP tunnel ends) (Access Accept)<br>
Microsoft Windows Supplicant <------- Response------ Proxy Server <--------- MSCHAPv2------ Home Server<br>(success) (Copy to PEAP tunnel)<br>
--------------------------------------------------<br>/etc/raddb/users file (proxy server)<br><br>DEFAULT User-Name =~ "@somerealm.net", FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := inner-somerealm<br><br>
/etc/raddb/proxy.conf file (proxy server)<br><br>realm somerealm.net {<br> type = radius<br> authhost = LOCAL
<br> accthost = LOCAL<br> nostrip<br>}<br>realm inner-somerealm {<br> type = radius<br> authhost = xxxxxxxxx:1645<br> accthost = xxxxxxxxx:1646<br> secret = xxxxxxxx
<br> ldflag = round_robin<br> nostrip<br>}<br>-------------------------------------------------<br>/etc/raddb/users file (home server)<br><br>kirkhammet@somerealm.net
User-Password == xxxxxxxxxx<br> Reply-Message = "Enter Sandman!"<br>-------------------------------------------------<br><br>Good luck :)<br>
Yogesh Nagarkar<br> <br><br>------------------- Related thread ----------------------------------<br><pre style="margin: 0em;">
I have tried the examples in those postings as well as suggestions from other<br>postings without any success. I have started with the default config and turned<br>on the debug option. However, looking at the debug output yet I couldn't quite
<br>figure out what went wrong.<br><br>What I got so far is as follows:<br>1) Send a PEAP/MSCHAPv2 request using Linux's Xsupplicant or Mac client to the <br>proxy radius<br>2) Proxy radius terminated EAP locally and proxied request (MSCHAPv2 minus EAP)
<br>to home radius<br>3) Home radius responded with an access-accept packet to proxy radius<br>4) Proxy Radius sent access-reject to client. See error output below.<br><br>Tue Oct 3 20:10:37 2006 : Debug: rlm_eap: Request not found in the list
<br>Tue Oct 3 20:10:37 2006 : Error: rlm_eap: Either EAP-request timed out OR <br>EAP-response<br>to an unknown EAP-request<br>Tue Oct 3 20:10:37 2006 : Debug: rlm_eap: Failed in handler<br><br>I am running Freeradius
1.1.3 and have attached below my configuration files <br>and an excerpt of<br>the debug output hoping that the mistake would look obvious to some of you and <br>that you could<br>provide some helpful pointers or links.<br>
<br>Thanks a lot for your help.<br><br><br>-David<br><br></pre><tt>In case anyone is following this thread, the problem was solved by
</tt><tt>downgrading from Freeradius 1.1.2 and above running on Solaris 9 down to
</tt><tt>Freeradius 1.0.5 running on the same OS. Still tracing this issue
</tt><tt>through the debugger and will post to this thread if more information is
</tt><tt>available.
</tt><pre style="margin: 0em;">Best,<br>David<br>----------------------------------------------------------------------<br><br><br><br></pre><br><br>
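The source edit described in the first message is keyed to line numbers, which only hold for the exact 1.1.3 tree. The following is an added example, not part of the original post or of FreeRADIUS: a shell sketch that comments out each line only when it still contains the statement quoted in the post. The function names `comment_out_line` and `patch_request_list` are hypothetical; the line numbers and statements are the ones given above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: patch_request_list freeradius-1.1.3/src/main/request_list.c

# comment_out_line FILE LINENO EXPECTED
# Wraps line LINENO in /* ... */ only if its trimmed content equals EXPECTED.
# Returns 0 = patched, 2 = already commented out, 1 = unexpected content.
comment_out_line() {
    file=$1 lineno=$2 expected=$3
    # Content of the target line with leading/trailing whitespace removed
    current=$(sed -n "${lineno}p" "$file" |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    if [ "$current" = "/*${expected}*/" ]; then
        return 2
    fi
    if [ "$current" != "$expected" ]; then
        echo "$file:$lineno is '$current', expected '$expected'" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Keep the original indentation, wrap the statement in a C comment
    sed "${lineno}s|^\([[:space:]]*\)\(.*[^[:space:]]\)[[:space:]]*\$|\1/*\2*/|" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# patch_request_list FILE
# Applies both edits from the post; stops without touching further lines
# as soon as one line does not match (wrong version or shifted source).
patch_request_list() {
    src=$1
    for spec in \
        '321:proxy_ipaddr = listener->ipaddr;' \
        '797:request->proxy->src_ipaddr = proxy_ipaddr;'
    do
        comment_out_line "$src" "${spec%%:*}" "${spec#*:}" ||
            [ $? -eq 2 ] || return 1
    done
}
```

Run it before `make && make install`; a non-zero exit means the tree is not the one the line numbers were taken from.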