Server verification when proxying
Stephen Mellor
Stephen.Mellor at nhs.scot
Tue Oct 28 15:51:36 UTC 2025
Freeradius 3.2, Windows 11 clients, EAP-TLS server verification.
We're using EAP-TLS successfully, authenticating locally for our machines, but proxying out to another organisations Cisco ISE servers where we detect that the username is one of their machines.
The other organisation say that their users are sometimes prompted to continue with the connection. Our users are not - their machines just connect. Assuming that wifi profiles for both organisations include the option to verify the authentication server, does that initial verification get proxied for the other organisation, or are they attempting to verify our servers? I'm using radiusd -X but I'm finding the logfiles very difficult to parse - from what I can tell the process hangs later in the communications, presumably where the machine is waiting for user input. What I don't understand is why they say that their users are only prompted 'sometimes', not always.
Apologies for the lack of detail, I'm still trying to work my way through various logs...
Steve M
--------------------------------------------------------------------------------------------------------------------------------------------------------
This email is intended for the named recipient only. If you have received it by mistake,
please (i) contact the sender by email reply; (ii) delete the email from your system; .
and (iii) do not copy the email or disclose its contents to anyone.
--------------------------------------------------------------------------------------------------------------------------------------------------------
More information about the Freeradius-Users
mailing list