EAP-Peap-MSchapv2 proxy from innertunnel
Alan DeKok
aland at deployingradius.com
Thu Aug 29 19:16:13 CEST 2013
Phil Mayers wrote:
> [peap] Got tunneled request
> EAP-Message = 0x02090006031a
>
> 0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
> ...which the proxy server then rejects:
>
> rad_recv: Access-Reject packet from host 155.97.185.76 port 1812, id=71,
> length=49
> Proxy-State = 0x313232
> EAP-Message = 0x04090004
>
> So the solution is simple - if you're going to proxy the inner auth,
> ensure the client inner auth method and upstream proxy auth method are
> mutually compatible.
i.e. set "proxy_tunneled_request_as_eap = no"
Alan DeKok.
More information about the Freeradius-Users
mailing list