But according to the configuration file: # The "suffix" module takes care of stripping the domain # (e.g. "@example.com") from the User-Name attribute, and the # next few lines ensure that the request is not proxied. # # If you want the inner tunnel request to be proxied, delete # the next few lines. # update control { Proxy-To-Realm := LOCAL } So I'm confused, what's the right way to handle this situation? On Tue, May 29, 2012 at 4:00 PM, alan buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
certificate errors. What could the windows machine be doing different? Why does the machine even enter the picture when the authentication is between the Access Point and the server?
authentication is between the client and the server - mediated over 802.1X by the Access point. thats why your client has a supplicant on it..
Below is the portion of the log which shows the rejection, when using my Android phone, TTLS and MSCHAPv2 (that is what Windows uses isnt it?) Where I am confused is near the bottom, what is causing the rejection?
Win7 will be EAP-PEAPv0/MSCHAPv2
++[pam] returns invalid
user/pass in pam?
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
thats kind of a big clue. dont do that. it breaks things. just define the realm in proxy.conf with no place eg
realm whatever.com { }
rlm_pam: Attribute "User-Password" is required for authentication.
you've forced the server to use PAM? MSCHAPv2 doesnt provide 'User-Password' so wont work.
what ARE you trying to do?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html