Proxied Access-Challenge requests are missing AVPs

Arran Cudbard-Bell a.cudbardb at
Fri Sep 11 12:19:49 CEST 2015

> On 11 Sep 2015, at 09:20, Leonardo Arena <rnalrd at> wrote:
> On gio, 2015-09-10 at 18:47 +0100, Arran Cudbard-Bell wrote:
>>> On 10 Sep 2015, at 15:57, Leonardo Arena <rnalrd at> wrote:
>>> Hi list,
>>> I have a FreeRADIUS 3.0.3 proxy which forward all Cisco WAPs
>>> Wireless-802.11 authentication requests to a Windows NPS server. Clients
>>> use PEAP to authenticate.
>>> What I'm seeing is that the Access-Challenge from the NPS is forwarded
>>> without any AVPs, and of course the WAP silently drops it.
>>> Please find below the debug output and the relevant configuration files
>>> attached.
>>> Couldn't find really anything helpful in the ML archive.
>>> Could you please give me any suggestion of what could be wrong?
>> Weird, unless you list a filter module in post-proxy the response should be forwarded.  You're using a very out of date version of v3.0.x though, try 3.0.9 and see if you still see the same issue.
> I'm using default attr-filter module (see below) and AFAICS it's used
> only by inner-tunnel, and I don't have any post-proxy file.
> I'll give a shot with 3.0.9 although with 3.0.4 clients.conf changed
> syntax IIRC and that's why we stick with 3.0.3. Upgrading clients.conf
> in 200+ installations does not look an attractive option. :)

clients.conf from 3.0.3 should be compatible with 3.0.9.  It'll just issue a few warnings.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list