Freeradius-Users Digest, Vol 43, Issue 17

Kerry Tobin kwtobin at wisc.edu
Wed Nov 5 15:25:01 CET 2008


OK, I think I'm another step closer now.  I made the suggested change  
and there was no change in the logs.  EAP still was not being done on  
the local machine and was failing on the proxy.  However, I tried  
creating a second domain, set the original domain to go to LOCAL and  
the second domain to go to the proxy server.  When I do that the proxy  
properly authenticates to Open Directory, step one.  However,  
eventually I get a failure in rlm_eap again.

modcall: entering group authenticate for request 8
   rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown  
EAP-request
   rlm_eap: Failed in handler

Am I on to the beginning of a solution by using two domains or do I  
need to go back and then change something else?

Kerry Tobin
>
> ------------------------------
>
> Message: 7
> Date: Wed, 05 Nov 2008 00:07:50 +0100
> From: <tnt at kalik.net>
> Subject: Re: Unable to authenticate to Open Directory
> To: "FreeRadius users mailing list"
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <OVuOqjFE.1225840070.2492580.tnt at kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
>> I think we're back to what I had been trying to do on my test  
>> machines
>> now and still can't seem to get working.
>>
>> When I add "DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-
>> Realm := DOMAIN" to users of the first server (I believe that's the
>> correct place to put it). I get "rlm_eap: Request is supposed to be
>> proxied to Realm DOMAIN.  Not doing EAP." on the first server and the
>> proxy server still says " rlm_eap: Identity does not match User-Name,
>> setting from EAP Identity."
>>
>
> There is a setting proxy_tunneled_request_as_eap in peap section of
> eap.conf. Change that to no.
>
> Ivan Kalik
> Kalik Informatika ISP
>




More information about the Freeradius-Users mailing list