User attributed missing from access accept message
Alan DeKok
aland at deployingradius.com
Tue Jun 22 12:50:23 CEST 2010
Carroll, Diana C wrote:
> I have a FreeRADIUS server that takes a TTLS request, handles the TLS outer authentication locally, and then proxies the MSCHAPv2 inner authentication to another server based on the realm specified in the user request.
>
> When it receives the MSCHAPv2 access-accept message from one server (another FreeRADIUS server), it includes the user attributes in the access-accept message to the client as expected. However, when it receives the MSCHAPv2 access-accept message from the second server (an NPS server) it does not include the user attributes in the access-accept message to the client, resulting in a connection failure.
This works in 2.1.9. Set "use_tunneled_reply = yes" in eap.conf.
Alan DeKok.
More information about the Freeradius-Users
mailing list