EAP-Peap-MSchapv2 proxy from innertunnel

Robert Roll Robert.Roll at utah.edu
Thu Aug 29 18:01:38 CEST 2013


Ok, Below is the TCP dump. I have attached the Freeradius Debug output beginning
near the start of the proxy..

WC        -- is the wirless controller (155.99.193.24)
FR-2.10   -- Freeradius 2.10  (155.97.182.175)
ISE-proxy -- ISE proxy server (155.97.185.76)

Again, any help would be much appreciated..

Thanks,

Robert

09:31:25.451223 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x72 length: 229
09:31:25.452467 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x72 length: 64
09:31:25.454469 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x73 length: 355
09:31:25.461847 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x73 length: 1090
09:31:25.465436 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x74 length: 239
09:31:25.465779 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x74 length: 1086
09:31:25.469322 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x75 length: 239
09:31:25.469644 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x75 length: 1086
09:31:25.472928 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x76 length: 239
09:31:25.473199 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x76 length: 923
09:31:25.482815 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x77 length: 441
09:31:25.485315 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x77 length: 123
09:31:25.488059 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x78 length: 239
09:31:25.488362 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x78 length: 101
09:31:25.490724 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x79 length: 329

--Begin Proxy
09:31:25.491570 IP FR-2.10.1814 > ISE-proxy.radius: RADIUS, Access Request (1), id: 0xd8 length: 242
09:31:25.497310 IP ISE-proxy.radius > FR-2.10.1814: RADIUS, Access Challenge (11), id: 0xd8 length: 128
09:31:25.497504 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), id: 0x79 length: 101
09:31:25.499645 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 0x7a length: 313
09:31:25.500528 IP FR-2.10.1814 > ISE-proxy.radius: RADIUS, Access Request (1), id: 0x47 length: 300
09:31:25.502871 IP ISE-proxy.radius > FR-2.10.1814: RADIUS, Access Reject (3), id: 0x47 length: 49
09:31:26.504148 IP FR-2.10.radius > WC.32769: RADIUS, Access Reject (3), id: 0x7a length: 101

________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] on behalf of Phil Mayers [p.mayers at imperial.ac.uk]
Sent: Thursday, August 29, 2013 7:58 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2  proxy from innertunnel

On 29/08/13 14:35, Robert Roll wrote:
>   I'm trying to do a proxy from the inner-tunnel over to another radius server.
> The primary reason for this is that we need to strip off the realm before
> passing to the proxy.
>
>   I'm getting an EAP error response from the other server about it not liking the
> id number
>
>        "Supplicant sent unmatched EAP response packet identifier"
>
>          ( This is an EAP-PEAP-MSCHAPv2 scenerio)
>
>   The EAP.conf file is configured with:
>
>         proxy_tunneled_request_as_eap = yes
>
> I've included a TCP dump of the main freeradius server below

But not a debug gathered with "radiusd -X" which is the only thing
anyone ever wants to see.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rdebug.out
Type: application/octet-stream
Size: 12136 bytes
Desc: rdebug.out
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130829/44943b06/attachment-0001.obj>


More information about the Freeradius-Users mailing list