User attributed missing from access accept message

Alan DeKok aland at deployingradius.com
Tue Jun 22 12:50:23 CEST 2010


Carroll, Diana C wrote:
> I have a FreeRADIUS server that takes a TTLS request, handles the TLS outer authentication locally, and then proxies the MSCHAPv2 inner authentication to another server based on the realm specified in the user request.
> 
> When it receives the MSCHAPv2 access-accept message from one server (another FreeRADIUS server), it includes the user attributes in the access-accept message to the client as expected.  However, when it receives the MSCHAPv2 access-accept message from the second server (an NPS server) it does not include the user attributes in the access-accept message to the client, resulting in a connection failure.

  This works in 2.1.9.  Set "use_tunneled_reply = yes" in eap.conf.

  Alan DeKok.



More information about the Freeradius-Users mailing list