Inner request for PEAP is EAP-MSCHAPv2 not MSCHAPv2. Ivan Kalik Kalik Informatika ISP
Dana 6/2/2008, "Andrew Olson" <[EMAIL PROTECTED]> piše: >I got 2.0.1 patched, compiled and configured. I'm still seeing the same >behaving listed below. Could it be something with my config. > >I'm simply doing: > >DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm" > > >Thanks, >Andrew Olson > > > >Dmitry Sergienko wrote: >> Hi! >> >> If you still have no luck with 1.1.7 proxying mschapv2, try to move to >> 2.0.1 with patches in event.c discussed yesterday in freeradius-users. >> I'm trying to do the same authentication - extract MS-CHAPv2 from PEAP >> and authorize inner request against external RADIUS server. With 2.0.1 >> and a patch at least eapol_test passes authorization. >> >> Andrew Olson wrote: >>> Hello, >>> >>> I'm having trouble getting freeradius-1.1.7 to proxy PEAP-mshcapv2 to >>> another RADIUS server. My other server doesn't do EAP, so I'm just >>> sending mschapv2 achieved with proxy_tunneled_request_as_eap = no in >>> eap.conf. >>> >>> When I proxy to my other server, I get back an Access-Accept packet. >>> Then, freeradius sends an Access Challenge to the client, receives a >>> response and then things appear to break. >>> >>> I am able to successfully authenticate users with PEAP by defining >>> them locally in the users file. Additionally, I have gotten TTLS to >>> work by proxying to another server, it's just PEAP that I'm having >>> problems with. >>> >>> The differing line in the debug seems to be: >>> <proxied> >>> eaptls_process returned 7 >>> rlm_eap_peap: EAPTLS_OK >>> rlm_eap_peap: Session established. Decoding tunneled attributes. >>> rlm_eap_peap: EAP type mschapv2 >>> >>> -vs- >>> >>> <non-proxied> >>> >>> eaptls_process returned 7 >>> rlm_eap_peap: EAPTLS_OK >>> rlm_eap_peap: Session established. Decoding tunneled attributes. >>> rlm_eap_peap: Received EAP-TLV response. >>> >>> >>> I'm running a pretty standard config, I think. I can send copies of >>> it, if that would help. >>> >>> Thanks, >>> Andrew Olson >>> >>> > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html