Hello Guys I need a help to use proxy request to virtual_server using EAP-TTLS and EAP-PEAP
I have the following scenario: I have a Radius Sever (version 2.1.10), this server on a Linux Debian 6 This server must authenticate users of my wireless network. But my network is interconnected with several educational institutions, and users of these institutions are in my network. For users who are in my company, I want to authenticate them in my radius server, for users who are from other institutions to do routing or proxy server. I already have configured the authentication of my users using LDAP as a backend. My users will be divided into groups, each group has its own realm, each realm and forwards the authentication to a virtual server. If my users try to authenticate without entering the realm, it works OK. If users try to authenticate other institutions stating the realm of the institution, my radius is usually the proxy, and it works OK. if my users try to authenticate informing realm, I see in debug mode the virtual server is invoked, but the authentication does not happen, he accuses the following error: # Executing group from file /etc/freeradius/sites-enabled/ inner-tunnel +- entering group authenticate {...} [eap] Multiple levels of TLS nesting is invalid. [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. } # server inner-tunnel Apparently he often wraps the request with TLS, and can no longer decapsulation. If you do a test without using EAP authentication (via radtest) authentication with realm works. Apparently he often wraps the request with TLS, and can no longer decapsulation. Enough already researched on the internet but have not found a solution. I need to make a proxy for virtual_server using EAP. If any can help me thank you. Sincerely John -- João Paulo de Lima Barbosa
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html