29 Aug
2013
29 Aug
'13
1:16 p.m.
Phil Mayers wrote:
[peap] Got tunneled request EAP-Message = 0x02090006031a
0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
...which the proxy server then rejects:
rad_recv: Access-Reject packet from host 155.97.185.76 port 1812, id=71, length=49 Proxy-State = 0x313232 EAP-Message = 0x04090004
So the solution is simple - if you're going to proxy the inner auth, ensure the client inner auth method and upstream proxy auth method are mutually compatible.
i.e. set "proxy_tunneled_request_as_eap = no" Alan DeKok.