Inner request for PEAP is EAP-MSCHAPv2 not MSCHAPv2. Ivan Kalik Kalik Informatika ISP Dana 6/2/2008, "Andrew Olson" <anolson@exchange.vt.edu> piše:
I got 2.0.1 patched, compiled and configured. I'm still seeing the same behaving listed below. Could it be something with my config.
I'm simply doing:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
Thanks, Andrew Olson
Dmitry Sergienko wrote:
Hi!
If you still have no luck with 1.1.7 proxying mschapv2, try to move to 2.0.1 with patches in event.c discussed yesterday in freeradius-users. I'm trying to do the same authentication - extract MS-CHAPv2 from PEAP and authorize inner request against external RADIUS server. With 2.0.1 and a patch at least eapol_test passes authorization.
Andrew Olson wrote:
Hello,
I'm having trouble getting freeradius-1.1.7 to proxy PEAP-mshcapv2 to another RADIUS server. My other server doesn't do EAP, so I'm just sending mschapv2 achieved with proxy_tunneled_request_as_eap = no in eap.conf.
When I proxy to my other server, I get back an Access-Accept packet. Then, freeradius sends an Access Challenge to the client, receives a response and then things appear to break.
I am able to successfully authenticate users with PEAP by defining them locally in the users file. Additionally, I have gotten TTLS to work by proxying to another server, it's just PEAP that I'm having problems with.
The differing line in the debug seems to be: <proxied> eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2
-vs-
<non-proxied>
eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response.
I'm running a pretty standard config, I think. I can send copies of it, if that would help.
Thanks, Andrew Olson
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html