Machine authentications with proxy-inner-tunnel and NPS as backend
Herwin Weststrate
herwin at quarantainenet.nl
Mon Jul 21 10:49:11 CEST 2014
This isn't really a problem with FreeRADIUS, but maybe someone else here
has ever tried this.
A short description of our setup: we're trying to use 802.1X on WLAN,
with the access points using FreeRADIUS as backend, authenticating via
PEAP. FreeRADIUS is configured to use the proxy-inner-tunnel virtual
server for this requests, and uses Active Directory 2012R2 as a RADIUS
backend (NPS).
With user authentication, this works like a charm once you've changed
the policy to accept MSCHAPv2 outside of PEAP too. When trying to use
this same setup with a machine authentication, the backend replies that
the username or password is incorrect. When we're acting as a normal
proxy instead of an inner-tunnel-proxy, it just works without any
changes on the client pc.
Has anyone ever tried something like this and got the setup working?
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list