Proxy Request to Virtual Server using EAP

joaocdc at gmail.com
Mon Mar 14 14:03:08 CET 2011


Hello Guys

I need help using proxy requests to a virtual_server with EAP-TTLS and
EAP-PEAP.

I have the following scenario:

I have a RADIUS server (version 2.1.10); this server runs on Linux Debian 6.

This server must authenticate users of my wireless network. But my network
is interconnected with several educational institutions, and users of these
institutions are in my network.

For users who are in my company, I want to authenticate them on my RADIUS
server; for users who are from other institutions, I want to do routing or
proxying.


I have already configured the authentication of my users using LDAP as a
backend.

My users will be divided into groups; each group has its own realm, and each
realm forwards the authentication to a virtual server.

If my users try to authenticate without entering the realm, it works OK.
If users from other institutions try to authenticate stating the realm of
the institution, my RADIUS is usually the proxy, and it works OK.
If my users try to authenticate specifying the realm, I see in debug mode
that the virtual server is invoked, but the authentication does not happen,
and it reports the following error:

# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Multiple levels of TLS nesting is invalid.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server inner-tunnel

Apparently it often wraps the request with TLS, and can no longer
decapsulate it.

If you do a test without using EAP authentication (via radtest),
authentication with the realm works.


I have already researched this a lot on the internet but have not found a solution.

I need to make a proxy for virtual_server using EAP.

If anyone can help me, thank you.

Sincerely, John


-- 
João Paulo de Lima Barbosa