Proxy - EAP problems
Wladyslaw Pietraszek
wap at cs.aau.dk
Thu Jun 22 10:06:05 CEST 2006
Thanks for the hint. BTW do you have any links to info about
how to implement magic Microsoft OID's - Google search did not give
much :-(
The authentication for the topology
access-point <-> pdc (also freeradius)
works and certificates for the proxy are generated in the similar way.
I have expected
that access-point <-> proxy <-> pdc toplogy should also work.
Furthermore, the same happens with the EAP-TTLS (SecureW2 supplicant) and
in both EAP-methods all "verify server certificates" are unchecked on
the supplicant site.
--Wladyslaw Pietraszek
Alan DeKok wrote:
> Wladyslaw Pietraszek <wap at cs.aau.dk> wrote:
>
>> Authentication when access-points use 'pdc' directly works fine for
>> EAP-PEAP/TTLS.
>> Authentication for the topology
>> access-point <-> proxy <-> pdc
>> fails. Probably supplicant/access-point ignores "access-challenge (EAP)"
>> response.
>>
>
> The reason that happens is most likely that the proxy server
> certificates don't contain the magic Microsoft OID's.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list