"use_tunnel_reply" not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 5 19:24:53 CEST 2011

On 07/05/2011 06:03 PM, Nitin Bhardwaj wrote:
> Hello All,
> I'm using FreeRADIUS 2.1.11 as a proxy for authenticating PEAP
> clients with RADIUS server not supporting EAP.
> All is working well except that when I use
> "proxy_tunneled_request_as_eap = no" in eap.conf, FreeRADIUS is not
> passing back all the AVPs sent by RADIUS server in
> Access-Accept(MSCHAPv2) to the Client, only few ones.

Be specific. Which ones?

Better yet, show a debug of it not working.

> But when I set it as "proxy_tunneled_request_as_eap = yes",
> FreeRADIUS is relaying back all the AVPs received from the RADIUS
> server properly.

> eap.conf: ------------ eap { peap { copy_request_to_tunnel = yes
> use_tunneled_reply = yes proxy_tunneled_request_as_eap = no
> virtual_server = "proxy-inner-tunnel" } }
> Hence, in spite of setting "use_tunneled_reply = yes", why isnt FR
> copying all attributes in Access-Accept back to client ? Is this some
> bug, fixed in 3.x ?

3.x is not released yet.

I don't think there are any fixed related to this in "master" (to become 
3.x) but there might be; please provide more details as above, so we can 
try to reproduce.

More information about the Freeradius-Users mailing list