Hello Guys<br><br>I need a help to use proxy request to virtual_server using EAP-TTLS and EAP-PEAP<br><br>I have the following scenario:<br><br>I have a Radius Sever (version 2.1.10), this server on a Linux Debian 6<br><br>
This server must authenticate users of my wireless network. But my network is interconnected with several educational institutions, and users of these institutions are in my network.<br><br>For users who are in my company, I want to authenticate them in my radius server, for users who are from other institutions to do routing or proxy server.<br>
<br><br>I already have configured the authentication of my users using LDAP as a backend.<br><br>My users will be divided into groups, each group has its own realm, each realm and forwards the authentication to a virtual server.<br>
<br>If my users try to authenticate without entering the realm, it works OK.<br>If users try to authenticate other institutions stating the realm of the institution, my radius is usually the proxy, and it works OK.<br>if my users try to authenticate informing realm, I see in debug mode the virtual server is invoked, but the authentication does not happen, he accuses the following error:<br>
<br># Executing group from file /etc/freeradius/sites-enabled/inner-tunnel<br>+- entering group authenticate {...}<br>[eap] Multiple levels of TLS nesting is invalid.<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>
Failed to authenticate the user.<br>} # server inner-tunnel<br><br>Apparently he often wraps the request with TLS, and can no longer decapsulation.<br><br>If you do a test without using EAP authentication (via radtest) authentication with realm works.<br>
<br>Apparently he often wraps the request with TLS, and can no longer decapsulation.<br><br><br>Enough already researched on the internet but have not found a solution.<br><br>I need to make a proxy for virtual_server using EAP.<br>
<br>If any can help me thank you.<br><br>Sincerely John<br clear="all"><br>