EAP-Peap-MSchapv2 proxy from innertunnel
Robert Roll
Robert.Roll at utah.edu
Thu Aug 29 18:48:59 CEST 2013
Ok, I've tried this with 2.2 and still get the same behavior..
If I actually look at the proxy-inner-tunnel I see the following for post-proxy..
post-proxy {
#
# This is necessary for LEAP, or if you set:
#
# proxy_tunneled_request_as_eap = no
#
eap
I see that eap needs be invoked if using
proxy_tunneled_request_as_eap = no
Does it actually need to NOT be there for
proxy_tunneled_request_as_eap = no
I should say I'm actually NOT using the proxy-inner-tunnel server, but
rather the default inner-tunnl with:
# If you want the inner tunnel request to be proxied, delete
# the next few lines.
#
# update control {
# Proxy-To-Realm := LOCAL
# }
Thanks,
Robert
________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] on behalf of Phil Mayers [p.mayers at imperial.ac.uk]
Sent: Thursday, August 29, 2013 9:38 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2 proxy from innertunnel
On 29/08/13 15:56, Robert Roll wrote:
>
> I guess I assumed the id: in the TCP dump below was the "EAP Response Identifier" maybe not ? Is there a different
> EAP response identifier ?
Yes, in the EAP-Message attribute (EAP packet)
> I actually have been running with debug radius -X. Obviously a lot longer output than just the TCP dump.
> That is why I first tried just the TCP dump. I guess I was also hoping somebody might have just
> had a thought about a common configuration issue...
TBH proxying EAP inner is not common at all; there have been bugs in
that area in the past.
Re-reading I notice that you're running 2.10 - upgrade. I'm pretty
certain that version has inner-eap proxy bugs. Go to 2.2.0.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list