Hi all,

I use the freeradius-snapshot-20031003 version of FreeRADIUS for testing EAP-TTLS. I am trying to do TTLS authentication. This works with PAP/EAP-MD5 in tunneled mode, but only if the PAP/EAP-MD5 credentials are on the same machine.
If I try to put the user credentials on another FreeRADIUS server and proxy to it, it doesn't work any more. There seems to be a problem with proxying, because no proxy request is sent to the other RADIUS server. Below is a useful listing (the end part with the error, and the proxy settings). On the second RADIUS server, the TTLS RADIUS server is configured as a client. Please help.

----------------------------------------------------------------------------------
rad_recv: Access-Request packet from host 10.0.0.173:1645, id=44, length=237
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0007.85b3.63ac"
        Calling-Station-Id = "000b.5f63.c145"
        Message-Authenticator = 0xcf583fe883a5aa08b4aeadbd25ba0764
        EAP-Message = 0x0206005715800000004d1703010048a022a4a5787533a644314a6f27a481deea37b526979331f24828f73e5b0791d0a73115ba87baee9ba7011c1f3ea98a14e497e6961991099590a610e978f1b72f68ee7f9034d820ce
        NAS-Port-Type = Virtual
        NAS-Port = 497
        State = 0xd6c081b0b2fbf275d73554a94fbab8e9
        NAS-IP-Address = 10.0.0.173
        NAS-Identifier = "System_room_5510_AP1200"
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 87
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
  TTLS: Got tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "kasslatter"
        Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "kasslatter"
        Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 5
    rlm_realm: Looking up realm "servprov.com" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "servprov.com"
    rlm_realm: Adding Stripped-User-Name = "fritz"
    rlm_realm: Proxying request from user fritz to realm servprov.com
    rlm_realm: Adding Realm = "servprov.com"
    rlm_realm: Preparing to proxy authentication request to realm "servprov.com"
  modcall[authorize]: module "suffix" returns updated for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
  TTLS: Got tunneled reply RADIUS code 0
  TTLS: Rejecting tunneled user
  rlm_eap: Handler failed in EAP type 21
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request

proxy.conf:

realm servprov.com {
        type = radius
        authhost = 10.0.0.20:1812
        accthost = 10.0.0.20:1813
        secret = radius_proxy
        strip
}
----------------------------------------------------------------------------------

regards
Roman

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
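
An added example, not part of the original post and not FreeRADIUS code: a small Python triage script that scans debug output of the form shown above for tunneled requests that rlm_realm marked for proxying, records the tunneled reply code that followed, and masks User-Password values before a log is shared. The sample log is constructed from the line formats in the post (user name and password are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the format of the debug output above
# (user name and password are placeholders, not values from the post).
SAMPLE = '''\
  TTLS: Sending tunneled request
        User-Name = "user@servprov.com"
        User-Password = "example-secret"
    rlm_realm: Preparing to proxy authentication request to realm "servprov.com"
  TTLS: Got tunneled reply RADIUS code 0
  TTLS: Rejecting tunneled user
Finished request 5
'''

PROXY_RE = re.compile(
    r'rlm_realm: Preparing to proxy authentication request to realm "([^"]+)"')
REPLY_RE = re.compile(r'TTLS: Got tunneled reply RADIUS code (\d+)')
DONE_RE = re.compile(r'Finished request (\d+)')
PASSWORD_RE = re.compile(r'(User-Password\s*=\s*)"[^"]*"')

def redact(log_text):
    """Mask tunneled User-Password values before the log is shared."""
    return PASSWORD_RE.sub(r'\1"<redacted>"', log_text)

def triage(log_text):
    """Return one finding per tunneled request that was marked for proxying."""
    findings, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("TTLS: Sending tunneled request"):
            current = {"request": None, "realm": None,
                       "reply_code": None, "rejected": False}
        elif current is None:
            continue  # not inside a tunneled request
        elif (m := PROXY_RE.search(line)):
            current["realm"] = m.group(1)
        elif (m := REPLY_RE.search(line)):
            current["reply_code"] = int(m.group(1))
        elif line.startswith("TTLS: Rejecting tunneled user"):
            current["rejected"] = True
        elif (m := DONE_RE.search(line)):
            current["request"] = int(m.group(1))
            if current["realm"] is not None:
                findings.append(current)
            current = None
    return findings

if __name__ == "__main__":
    print(redact(SAMPLE))
    for finding in triage(SAMPLE):
        print(finding)
```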