EAP-PEAP (mschapv2) & ssid restriction
Sergey Velikanov
vgray at bk.ru
Wed Dec 21 03:29:55 CET 2005
>> It seems that rlm_mschap do not include Cisco-AVPair =
>> "ssid=is_client" in its auth request
>>
>> How can I solve this situation?
>>
>
> You haven't put enough of the debug log to be certain, but that sounds
> like a reasonable supposition:
>
> try:
>
> eap {
> peap {
> copy_request_to_tunnel = yes
> # other things here
> }
> }
>
>
> PEAP (and in fact TTLS) make a "fake" Radius request from the inner auth
> (e.g. MSCHAP) proxied to 127.0.0.1. That request by default only has a
> small number of AVPs. The copy_request_to_tunnel tells FreeRadius to
> copy the AVPs from the original to the new request.
thanx, it helps.
More information about the Freeradius-Users
mailing list