Freeradius-Users Digest, Vol 43, Issue 17
Kerry Tobin
kwtobin at wisc.edu
Wed Nov 5 15:25:01 CET 2008
OK, I think I'm another step closer now. I made the suggested change
and there was no change in the logs. EAP still was not being done on
the local machine and was failing on the proxy. However, I tried
creating a second domain, set the original domain to go to LOCAL and
the second domain to go to the proxy server. When I do that the proxy
properly authenticates to Open Directory, step one. However,
eventually I get a failure in rlm_eap again.
modcall: entering group authenticate for request 8
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
EAP-request
rlm_eap: Failed in handler
Am I on to the beginning of a solution by using two domains or do I
need to go back and then change something else?
Kerry Tobin
>
> ------------------------------
>
> Message: 7
> Date: Wed, 05 Nov 2008 00:07:50 +0100
> From: <tnt at kalik.net>
> Subject: Re: Unable to authenticate to Open Directory
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Message-ID: <OVuOqjFE.1225840070.2492580.tnt at kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
>> I think we're back to what I had been trying to do on my test
>> machines
>> now and still can't seem to get working.
>>
>> When I add "DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-
>> Realm := DOMAIN" to users of the first server (I believe that's the
>> correct place to put it). I get "rlm_eap: Request is supposed to be
>> proxied to Realm DOMAIN. Not doing EAP." on the first server and the
>> proxy server still says " rlm_eap: Identity does not match User-Name,
>> setting from EAP Identity."
>>
>
> There is a setting proxy_tunneled_request_as_eap in peap section of
> eap.conf. Change that to no.
>
> Ivan Kalik
> Kalik Informatika ISP
>
More information about the Freeradius-Users
mailing list