EAP-TLS/PEAP authentication problem(can not reply correct attribute)
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Aug 31 08:21:47 CEST 2011
On 31 Aug 2011, at 08:11, Arran Cudbard-Bell wrote:
>
> On 31 Aug 2011, at 04:37, gary wrote:
>
>> Hi All
>> I have NAS client which support WISPr standard working with freeradius 2.1.10+MySQL 5.5 install on Fedora OS.
>> I create my test certificate and configure EAP-TLS/PEAP authentication well in my setup.
>> I am using WINDOWS XP as client pc it can pass authentication but freeradius can not reply correct attribute I configured such as bandwidth control.
>> I noticed in the reply attribute the vendor is Microsoft not WISPr.
>> I wonder if this is WINDOWS default setting how can I modify so that FR can reply the correct attribute I configured?
>
> Look in the dictionary file for your NAS vendor and figure out what the actual attribute name is for the reply attribute you're trying to send.
>
> The name of a VSA is just there to make it easier to extract and manipulate attributes, it has no effect on the contents of the packet. So if you insert a VSA and it comes up as a Microsoft Vendor and this is not what you intended, then there's a naming conflict and the other Vendors VSAs will have been renamed.
>
Of course if you're adding attributes in the inner tunnel you'll have to make sure tunnelled reply is set to yes in eap.conf for the relevant EAP methods.
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Half the complexity of Diameter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110831/fd2705a2/attachment.html>
More information about the Freeradius-Users
mailing list