Add Check Item in PEAP MSCHAP V2 authentication process

Alan DeKok aland at
Sun Aug 28 22:59:42 CEST 2016

On Aug 28, 2016, at 11:37 AM, Tim Baledorion <timbaledorion at> wrote:
> Here is my design.

  I would suggest using standard RADIUS vocabulary.  And being clear in your descriptions.

> I have a node implementing a Radius Proxy.

  What's a "node"?

> This node is including its identifier in all Radius-Request.

  What is that "identifier?"  Is it a RADIUS attribute?

  What's a "RADIUS-Request" ?

> Its identifier is returned by the radius proxy chain (that has 3 levels til the end radius server)


> A NAS is connected to this node and linked to the radius proxy.

  How is the NAS "linked" to the RADIUS proxy?

> The host are connecting to the NAS using PEAP/MSCHAPv2.


> I want the Node Identifier to be a part of the check items for the authentication process but i don't know how to do it.

  Read the debug output as suggested in the FAQ, "man" pages, web pages, and daily on this list.

  See what attributes are in the Access-Request.  Then... write policies to look for those attributes.

  There is tons of documentation, and hundreds of examples of policies that come with the server.

> I don't know if it has to be configured at the client, NAS or RADIUS side.

  RADIUS server policies are configured on the RADIUS server.

> As of today everything works as described above but i haven't find anyway to get the Node Identifier Item in the authentication request.

  Read the debug output as suggested in the FAQ, "man" pages, web pages, and daily on this list.

  You will see what is in the packet.

> Don't hesitate to ask for further informations.

  Please ask *good* questions.  Right now, it's very hard to know what you want to do, because you've given very unusual explanations for everything.

  Alan DeKok.

More information about the Freeradius-Users mailing list