Proxy - EAP problems
Wladyslaw Pietraszek
wap at cs.aau.dk
Wed Jun 21 17:33:34 CEST 2006
Hi,
We are trying to configure freeradius (v1.1.2) server hierarchy where
authentication request
are sent from wireless supplicants (802.1x) through the proxy radius
server (host 'radius')
to the authentication server (host 'pdc'). We use EAP-PEAP and EAP-TTLS
and 'ntlm_auth'
feature on the 'pdc' for authentication. The same hierarchy is used for
VPN box authentication
(using LDAP).
Authentication when access-points use 'pdc' directly works fine for
EAP-PEAP/TTLS.
Authentication for the topology
access-point <-> proxy <-> pdc
fails. Probably supplicant/access-point ignores "access-challenge (EAP)"
response.
VPN (LDAP) authentication works fine with proxy (and directly with pdc).
Attached log files for the 'pdc' (pdc_log.txt) and the proxy 'radius'
(radius_log.txt) - for
failed EAP-PEAP authentication and successful authentication
directly against the 'pdc' (pdc_ok_log.txt).
Any suggestions what goes wrong with EAP through the proxy and how to
correct the problem?
Regards,
--
W. A. Pietraszek email: wap at cs.aau.dk
Computer Science Dept. phone: (+45) 96 35 89 07
Aalborg University fax: (+45) 98 15 98 89
Fredrik Bajers Vej 7E , DK-9220 Aalborg, Denmark
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pdc_log.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060621/37233839/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pdc_ok_log.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060621/37233839/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius_log.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060621/37233839/attachment-0002.txt>
More information about the Freeradius-Users
mailing list