Proxy - EAP problems

Wladyslaw Pietraszek wap at
Thu Jun 22 10:06:05 CEST 2006

Thanks for the hint.   BTW do you have any links to info about
how to implement  magic Microsoft OID's  - Google search did not give 
much :-(

The authentication for the topology
   access-point <-> pdc (also freeradius)
works and certificates for the proxy are generated in the similar  way. 
I have expected
that  access-point <-> proxy <-> pdc  toplogy should also work.
Furthermore, the same happens with the EAP-TTLS (SecureW2 supplicant) and
in both EAP-methods all "verify server certificates" are unchecked on 
the supplicant site.

--Wladyslaw Pietraszek

Alan DeKok wrote:
> Wladyslaw Pietraszek <wap at> wrote:
>> Authentication  when access-points use 'pdc' directly works fine for 
>> Authentication  for the topology
>>     access-point <-> proxy <-> pdc   
>> fails. Probably supplicant/access-point ignores "access-challenge (EAP)" 
>> response.
>   The reason that happens is most likely that the proxy server
> certificates don't contain the magic Microsoft OID's.
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list