RE: EAP-Peap-MSchapv2 proxy from innertunnel

Robert Roll Thu, 29 Aug 2013 09:29:11 -0700

Ok, Below is the TCP dump. I have attached the Freeradius Debug output beginning
near the start of the proxy..


WC        -- is the wirless controller (155.99.193.24)
FR-2.10   -- Freeradius 2.10  (155.97.182.175)
ISE-proxy -- ISE proxy server (155.97.185.76)

Again, any help would be much appreciated..

Thanks,

Robert

09:31:25.451223 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x72 length: 229
09:31:25.452467 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x72 length: 64
09:31:25.454469 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x73 length: 355
09:31:25.461847 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x73 length: 1090
09:31:25.465436 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x74 length: 239
09:31:25.465779 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x74 length: 1086
09:31:25.469322 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x75 length: 239
09:31:25.469644 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x75 length: 1086
09:31:25.472928 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x76 length: 239
09:31:25.473199 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x76 length: 923
09:31:25.482815 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x77 length: 441
09:31:25.485315 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x77 length: 123
09:31:25.488059 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x78 length: 239
09:31:25.488362 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x78 length: 101
09:31:25.490724 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x79 length: 329

--Begin Proxy
09:31:25.491570 IP FR-2.10.1814 > ISE-proxy.radius: RADIUS, Access Request (1), 
id: 0xd8 length: 242
09:31:25.497310 IP ISE-proxy.radius > FR-2.10.1814: RADIUS, Access Challenge 
(11), id: 0xd8 length: 128
09:31:25.497504 IP FR-2.10.radius > WC.32769: RADIUS, Access Challenge (11), 
id: 0x79 length: 101
09:31:25.499645 IP WC.32769 > FR-2.10.radius: RADIUS, Access Request (1), id: 
0x7a length: 313
09:31:25.500528 IP FR-2.10.1814 > ISE-proxy.radius: RADIUS, Access Request (1), 
id: 0x47 length: 300
09:31:25.502871 IP ISE-proxy.radius > FR-2.10.1814: RADIUS, Access Reject (3), 
id: 0x47 length: 49
09:31:26.504148 IP FR-2.10.radius > WC.32769: RADIUS, Access Reject (3), id: 
0x7a length: 101

________________________________________
From: freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org 
[freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org] on behalf 
of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Thursday, August 29, 2013 7:58 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2  proxy from innertunnel

On 29/08/13 14:35, Robert Roll wrote:
>   I'm trying to do a proxy from the inner-tunnel over to another radius 
> server.
> The primary reason for this is that we need to strip off the realm before
> passing to the proxy.
>
>   I'm getting an EAP error response from the other server about it not liking 
> the
> id number
>
>        "Supplicant sent unmatched EAP response packet identifier"
>
>          ( This is an EAP-PEAP-MSCHAPv2 scenerio)
>
>   The EAP.conf file is configured with:
>
>         proxy_tunneled_request_as_eap = yes
>
> I've included a TCP dump of the main freeradius server below

But not a debug gathered with "radiusd -X" which is the only thing
anyone ever wants to see.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rdebug.out
Description: rdebug.out

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP-Peap-MSchapv2 proxy from innertunnel

Reply via email to