Thanks for the hint. BTW do you have any links to info about how to implement magic Microsoft OID's - Google search did not give much :-( The authentication for the topology access-point <-> pdc (also freeradius) works and certificates for the proxy are generated in the similar way. I have expected that access-point <-> proxy <-> pdc toplogy should also work. Furthermore, the same happens with the EAP-TTLS (SecureW2 supplicant) and in both EAP-methods all "verify server certificates" are unchecked on the supplicant site. --Wladyslaw Pietraszek Alan DeKok wrote:
Wladyslaw Pietraszek <wap@cs.aau.dk> wrote:
Authentication when access-points use 'pdc' directly works fine for EAP-PEAP/TTLS. Authentication for the topology access-point <-> proxy <-> pdc fails. Probably supplicant/access-point ignores "access-challenge (EAP)" response.
The reason that happens is most likely that the proxy server certificates don't contain the magic Microsoft OID's.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html