EAP-TLS/PEAP authentication problem(can not reply correctattribute)

gary gary.yang at browan.com
Thu Sep 1 10:48:09 CEST 2011


Hi Arran
I do not define my private attribute while I follow the WISPr such as "Bandwidth-Max-Up" and "Bandwidth-Max-Down".
It is no problem that I use UAM method(user login with login page by user name/password) and freeradius can reply correct attribute.
But when I use PEAP authentication,after user login it can not reply correct attribute that I configure in the radgroupreply table.
Can anyone give some idea?

BR//Gary

  ----- Original Message ----- 
  From: Arran Cudbard-Bell 
  To: FreeRadius users mailing list 
  Sent: Wednesday, August 31, 2011 2:21 PM
  Subject: Re: EAP-TLS/PEAP authentication problem(can not reply correctattribute)




  On 31 Aug 2011, at 08:11, Arran Cudbard-Bell wrote:




    On 31 Aug 2011, at 04:37, gary wrote:


      Hi All
      I have NAS client which support WISPr standard working with freeradius 2.1.10+MySQL 5.5 install on Fedora OS.
      I create my test certificate and configure EAP-TLS/PEAP authentication well in my setup.
      I am using WINDOWS XP as client pc it can pass authentication but freeradius can not reply correct attribute  I configured such as bandwidth control.
      I noticed in the reply attribute the vendor is Microsoft not WISPr.
      I wonder if this is WINDOWS default setting how can I modify so that FR can reply the correct attribute I configured?


    Look in the dictionary file for your NAS vendor and figure out what the actual attribute name is for the reply attribute you're trying to send.


    The name of a VSA is just there to make it easier to extract and manipulate attributes, it has no effect on the contents of the packet. So if you insert a VSA and it comes up as a Microsoft Vendor and this is not what you intended, then there's a naming conflict and the other Vendors VSAs will have been renamed.




  Of course if you're adding attributes in the inner tunnel you'll have to make sure tunnelled reply is set to yes in eap.conf for the relevant EAP methods.


  Arran Cudbard-Bell
  a.cudbardb at freeradius.org


  RADIUS - Half the complexity of Diameter




------------------------------------------------------------------------------


  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110901/4c755b09/attachment.html>


More information about the Freeradius-Users mailing list