The error on the other side is Invalid_Auth_Type. It is set to only accept MsCHAPv2 which is fine. I guess the next question is do I need to set a default auth type for the realm and if so how can I do that without mucking up the other realms?
On Sat, 2011-06-04 at 07:58 +0200, Alan DeKok wrote: > Doty, Seth wrote: > > Currently I have a wireless setup that terminates the outer tunnel > > locally then queries AD to get group/user data. This happens for the > > realm named after the domain,the default realm, and NULL realm and works > > perfectly. What I need to do now is add a new realm (testrealm)that > > terminates the eap tunnel locally just like the other realms (to keep > > the cert the same) and then proxies the inner tunnel to a MS ias server > > (old_DC). All i will need back is an accept and then i will attempt to > > pass attributes to the wireless controller based on the realm (I assume > > I can do this). I appear to be having some issues with initial > > authentication however. > > You've set it to proxy to a home server. The home server is rejecting > the request. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html