Authentication issues with Win7 and WPA/WPA2 Enterprise
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 24 12:28:27 CEST 2011
On 24/05/11 08:35, Simon L. wrote:
> Phil Mayers schrieb:
>> On 05/23/2011 06:53 PM, Simon L. wrote:
>>
>>> Please have a look at my new, attached debug log.
>>
>> The server you are proxying to sends a reject. Fix that server.
>> -
>>
>
> Why accepts the home server a proxied request from radtest but not from
> a wpa supplicant.
radtest sends (by default) a PAP request.
WPA-Supplicant sends EAP.
> The home server can not talk eap. as the log shows the proxy is not
If the home server can't do EAP, how do you expect to proxy EAP to it?
What is the home server?
> doing eap when it forwards a request. where is the difference?
802.1x requires EAP support at the radius server. If you are proxying
the requests to another server, it requires EAP support there, too.
It *may* be possible to terminate the EAP at FreeRADIUS, and send the
inner EAP as non-EAP, but this is hack, and I strongly advise against
it. This will only work for EAP-TTLS/PAP and EAP-PEAP/MSCHAP
If you want to do that, put the proxy config into
sites-enabled/inner-tunnel, and also see eap.conf:
eap {
peap {
proxy_tunneled_request_as_eap = yes
}
}
More information about the Freeradius-Users
mailing list