Proxy EAP - TLS Nesting.

brisstony21 at free.fr
Wed Apr 28 17:46:01 CEST 2010


Hi, thanks for your reply.

I have to proxy all authentication requests to a virtual server (not just PEAP). We
have different kinds of internal users (student, staff, guest, ...). Each of
them is managed by one virtual server associated with one realm. For example, for the
students:

realm student.university.fr {
	virtual_server = student
}

server student {
	....
}

I can only specify one IP address and one port in the NAS configuration (wired dot1x
and wireless network), and I will use the proxy port (1812).

Maybe there is another method to do that... But I think that using a proxy is the
best way.


Quoting Alan DeKok <aland at deployingradius.com>:

> brisstony21 at free.fr wrote:
> > I have some trouble proxying PEAP requests to an (internal) virtual server:
> > I have one proxy server (with realms defined in the proxy.conf file) that forwards the
> > request internally to a virtual server defined in the site-enabled directory.
>
>   Why is there a need to proxy the PEAP packets?
>
> > For basic authentication requests (PAP, CHAP, MSCHAP, ...), authentication is
> > successful, but with PEAP it doesn't work (it works with EAP-TTLS). I have this
> > error message: "Multiple levels of TLS nesting is invalid".
>
>   <sigh>  Deleting all of the other messages doesn't help.
>
>   Are you sure it's just PEAP (MSCHAP), and not PEAP-TLS?
>
>   Alan DeKok.