PEAP mschapv2 Proxy not working.

[Andrew Olson]

I got 2.0.1 patched, compiled and configured.  I'm still seeing the same 
behaving listed below.  Could it be something with my config.

I'm simply doing:

DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"


Thanks,
Andrew Olson



Dmitry Sergienko wrote:
> Hi!
> 
> If you still have no luck with 1.1.7 proxying mschapv2, try to move to 
> 2.0.1 with patches in event.c discussed yesterday in freeradius-users. 
> I'm trying to do the same authentication - extract MS-CHAPv2 from PEAP 
> and authorize inner request against external RADIUS server. With 2.0.1 
> and a patch at least eapol_test passes authorization.
> 
> Andrew Olson wrote:
>> Hello,
>>
>> I'm having trouble getting freeradius-1.1.7 to proxy PEAP-mshcapv2 to 
>> another RADIUS server.  My other server doesn't do EAP, so I'm just 
>> sending mschapv2 achieved with proxy_tunneled_request_as_eap = no in 
>> eap.conf.
>>
>> When I proxy to my other server, I get back an Access-Accept packet.  
>> Then, freeradius sends an Access Challenge to the client, receives a 
>> response and then things appear to break.
>>
>> I am able to successfully authenticate users with PEAP by defining 
>> them locally in the users file.  Additionally, I have gotten TTLS to 
>> work by proxying to another server, it's just PEAP that I'm having 
>> problems with.
>>
>> The differing line in the debug seems to be:
>> <proxied>
>>   eaptls_process returned 7
>>   rlm_eap_peap: EAPTLS_OK
>>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>>   rlm_eap_peap: EAP type mschapv2
>>
>> -vs-
>>
>> <non-proxied>
>>
>>   eaptls_process returned 7
>>   rlm_eap_peap: EAPTLS_OK
>>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>>   rlm_eap_peap: Received EAP-TLV response.
>>
>>
>> I'm running a pretty standard config, I think.  I can send copies of 
>> it, if that would help.
>>
>> Thanks,
>> Andrew Olson
>>
>>