Proxied Access-Challenge requests are missing AVPs
Leonardo Arena
rnalrd at gmail.com
Fri Sep 11 13:24:36 CEST 2015
On ven, 2015-09-11 at 11:19 +0100, Arran Cudbard-Bell wrote:
> > On 11 Sep 2015, at 09:20, Leonardo Arena <rnalrd at gmail.com> wrote:
> >
> > On gio, 2015-09-10 at 18:47 +0100, Arran Cudbard-Bell wrote:
> >>> On 10 Sep 2015, at 15:57, Leonardo Arena <rnalrd at gmail.com> wrote:
> >>>
> >>> Hi list,
> >>>
> >>> I have a FreeRADIUS 3.0.3 proxy which forwards all Cisco WAPs
> >>> Wireless-802.11 authentication requests to a Windows NPS server. Clients
> >>> use PEAP to authenticate.
> >>>
> >>> What I'm seeing is that the Access-Challenge from the NPS is forwarded
> >>> without any AVPs, and of course the WAP silently drops it.
> >>>
> >>> Please find below the debug output and the relevant configuration files
> >>> attached.
> >>>
> >>> Couldn't find really anything helpful in the ML archive.
> >>>
> >>> Could you please give me any suggestion of what could be wrong?
> >>
> >> Weird, unless you list a filter module in post-proxy the response should be forwarded. You're using a very out of date version of v3.0.x though, try 3.0.9 and see if you still see the same issue.
> >>
> >
> > I'm using default attr-filter module (see below) and AFAICS it's used
> > only by inner-tunnel, and I don't have any post-proxy file.
> >
> > I'll give a shot with 3.0.9 although with 3.0.4 clients.conf changed
> > syntax IIRC and that's why we stick with 3.0.3. Upgrading clients.conf
> > in 200+ installations does not look an attractive option. :)
>
> clients.conf from 3.0.3 should be compatible with 3.0.9. It'll just issue a few warnings.
>
Unfortunately this does not seem to be the case:
/etc/raddb# rc-service radiusd start
* Caching service dependencies ... [ ok ]
* /var/run/radiusd: correcting mode
* /var/run/radiusd: correcting owner
* Starting Freeradius ... * start-stop-daemon: failed to start `/usr/sbin/radiusd'
* Failed to start radiusd
[ !! ]
* ERROR: radiusd failed to start
/etc/raddb# radiusd -X
[...]
/etc/raddb/clients.conf[1]: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' configuration directive found in client 127.0.0.1/8
Am I missing anything?
- leo