Hi all, I found very much usefull information about this configuration on the internet. But I have still problem with this configuration. I need terminated PEAP locally on the Freeradius and redirect only mschapv2 to IAS server for authentication. Authentication server: FreeRadius.net version: 1.1.7 Supplicant: Win XP SP2 (with PEAP) Authenticator: Ovislink WL-5460AP v2 - users.conf DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := Safeword - proxy.conf realm Safeword { type = radius authhost = <ip>:1645 accthost = <ip>:1646 secret = <secret> } - eap.conf peap { default_eap_type = mschapv2 proxy_tunneled_request_as_eap = no } Everything work OK, Ovislink send request to FreeRadius server, FreeRadius send Access-Request to IAS (mschapv2) IAS send Access-Accept, but Ovislink received Access-Challenge from FreeRadius, one two, three ... and on the end authetication failed. If I use user database on FreeRadius everything work OK. (Access-Request, Access-Accept) no problem. Is it possible configure FreeRadius as only resend reply from IAS to Ovislink? Or I have problem with configuration. If you want I send you configuration files and log from debug mode. I want this configuration because I want use one time password authetication, but Safeword plugin on Active Directory doesn't understand PEAP protocol. Only one way is use FreeRadius as proxy. Thank you for your help. Rgdrs, Radim
Hi,
Everything work OK, Ovislink send request to FreeRadius server, FreeRadius send Access-Request to IAS (mschapv2) IAS send Access-Accept, but Ovislink received Access-Challenge from FreeRadius, one two, three ... and on the end authetication failed.
proxied connection - by default you will probably have the default proxy attributes set - which will filter out required attributes for successful replies to be returned. you will need to add a new entry to 'trust' the IAS return values - and have more attributes allowed through. alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Radim KUPKA