Problem with EAP/MD5 behind proxy

Hans Bornemann hans.bornemann at uni-dortmund.de
Thu Dec 7 13:09:48 CET 2006


Hi Josh,

Thats what i want: stripping the realm at the proxy:

proxy.conf:

..

realm notebook {
        type    = radius
        authhost        = 111.222.111.111:1812
        accthost        = 111.222.111.111:1813
        secret          = blabla
}


users:

....
testuser	User-password == testing

....


Login with testuser at notebook --> Authentication failed on radius-server
no. 2
Login with testuser --> Authentication o.k. on radius-server no. 1

Both radius-server has the same users-file.

Hans





On Thu, 2006-12-07 at 11:28 +0000, Josh Howlett wrote:
> You're stripping the realm at the proxy; add "nostrip" to the realm
> stanza defined in realms.conf for the server you're proxying to.
> 
> Josh. 
> 
> > -----Original Message-----
> > From: 
> > freeradius-users-bounces+j.howlett=ukerna.ac.uk at lists.freeradi
> > us.org 
> > [mailto:freeradius-users-bounces+j.howlett=ukerna.ac.uk at lists.
> > freeradius.org] On Behalf Of Hans Bornemann
> > Sent: 07 December 2006 10:57
> > To: freeradius-users at lists.freeradius.org
> > Subject: Problem with EAP/MD5 behind proxy
> > 
> > Hi,
> > 
> > I run into this problem:
> > 
> > Config:
> > 
> > 802.1x client (Windows XP with 802.1x / md5 ) --> freeradius-proxy -->
> > freeradius-server
> > 
> > Same prg-version on both server (1.1.0)
> > same radius.conf
> > same users file
> > 
> > if i try to authenticate against the proxy without realm, 
> > everything ist
> > o.k.
> > 
> > if i try this with a realm the second radius-server shows this error:
> > 
> > rlm_eap: Identity does not match User-Name, setting from EAP Identity
> > rlm_eap: Failed in handler
> > 
> > 
> > any ideas?
> > 
> > Hans
> > 
> > 
> > -- 
> > Hans Bornemann
> > Universitaet Dortmund - Hochschulrechenzentrum
> > Tel. ++49 231 755 2132  Fax. ++49 231 755 2731
> > 
> > - 
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> > 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Hans Bornemann
Universitaet Dortmund - Hochschulrechenzentrum
Tel. ++49 231 755 2132  Fax. ++49 231 755 2731




More information about the Freeradius-Users mailing list