It's tired and I'm late or something like that :)
Thanks to Alan's help, things are now resolving to the IAS server as mentioned in my previous posts and configs.

The switches seem to be receiving the Access-Accept packets as they are marking the ports as authenticated with the correct user id. However, I'm also trying to pass back a filter-id so the switch can change the policy on the port the user has authenticated on.

The IAS server returns this just fine, and when using radclient, my proxied request returns:
Sending Access-Accept of id 219 to 172.25.7.11:1024
       Filter-Id = "Enterasys:version=1:mgmt=su:policy=Administrator"
       Callback-Number = ""
       Service-Type = Framed-User
       Class = 0x570b067a000001370001a81cf03c01c5e5644a584e9e00000000000001b2

However, when my XP machine tries to authenticate with PEAP/MS-CHAPv2, everything goes to the IAS server, and the Filter-ID is passed back from the IAS server to freeradius, however
Sending Access-Accept of id 9 to 172.25.7.11:1024
       MS-MPPE-Recv-Key = 0x50c3bedb696d476e8ed66808b5a2e452a6554fa470ca566bd77fc6d8c170e277
       MS-MPPE-Send-Key = 0x1bd55848cc4c172fece6e24a9fb00f91652e74bbf509eef674948bd2c6e4cea1
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "CCSU\\testuser"

is what gets sent to the switch/NAS. I'm sure this is just my lack of understanding of the PEAP process, but what am I missing to have the other attributes go back out with the Access-Accept?

Thanks all!
   -Dan