22 Jun
2010
22 Jun
'10
6:50 a.m.
Carroll, Diana C wrote:
I have a FreeRADIUS server that takes a TTLS request, handles the TLS outer authentication locally, and then proxies the MSCHAPv2 inner authentication to another server based on the realm specified in the user request.
When it receives the MSCHAPv2 access-accept message from one server (another FreeRADIUS server), it includes the user attributes in the access-accept message to the client as expected. However, when it receives the MSCHAPv2 access-accept message from the second server (an NPS server) it does not include the user attributes in the access-accept message to the client, resulting in a connection failure.
This works in 2.1.9. Set "use_tunneled_reply = yes" in eap.conf. Alan DeKok.