Hello Garry,

Can you reply with a Trace 4 log file?

Best Regards,
  Sami


On 07/29/2013 04:27 AM, Garry Shtern wrote:
> Hi Alan,
>
> The config is pretty straightforward. Here you go:
>
> # User check from user file
> <AuthBy FILE>
>          Identifier                      user-file-auth
>
>          # Location of the users file
>          Filename                        %D/users
>
>          # Supported EAP Types and session info
>          EAPType                         PEAP,TLS,MSCHAP-V2
>          EAPTLS_MaxFragmentSize          1024
>          EAPTLS_SessionResumptionLimit   60
>
>          # Certificate Info
>          EAPTLS_CAFile                   %D/certs/ca.pem
>          EAPTLS_CertificateType          PEM
>          EAPTLS_PrivateKeyFile           %D/certs/%h.pem
>          EAPTLS_CertificateChainFile     %D/certs/%h.pem
>
>          # This flag tells EAPType MSCHAP-V2 to convert the inner
>          # EAP-MSCHAPV2 request into an ordinary Radius-MSCHAPV2 request
>          # and redespatch to a Handler that matches
>          # ConvertedFromEAPMSCHAPV2=1
>          EAP_PEAP_MSCHAP_Convert         1
>
>          # Deal with MPPE keys
>          AutoMPPEKeys
> </AuthBy>
>
> *From:*Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk]
> *Sent:* Saturday, July 27, 2013 7:22 AM
> *To:* Garry Shtern; 'radiator@open.com.au'
> *Subject:* Re: [RADIATOR] PEAP from Radiator via Juniper switches
>
> config?
>
> alan
>
>
>
>
> -------- Original message --------
> From: Garry Shtern <garry.sht...@twosigma.com>
> Date: 26/07/2013 22:40 (GMT+00:00)
> To: "'radiator@open.com.au'" <radiator@open.com.au>
> Subject: [RADIATOR] PEAP from Radiator via Juniper switches
>
> All,
>
> I ran into an interesting issue.  I am trying to do PEAP/MSCHAPv2 via
> Juniper EX switch to Radiator.  I am seeing the Access-Request come in,
> and Radiator responds with Access-Challenge which is dropped by the EX.
>   However, I have the same switch pointing to Microsoft NPS and
> everything works flawlessly.
>
> Looking over packet captures and debugs on the Radiator I noticed the
> following difference in responses:
>
> - NPS returns “Authenticator” and the following AVPs:
>
>   o Session-Timeout
>   o EAP-Message w/ EAP Request 1, Id 1, Type 25 (PEAP), Start Flag and PEAP version 0
>   o State
>   o Message-Authenticator
>
> - Radiator returns “Authenticator” and none of the AVPs.
>
> I am suspecting that Juniper EX has an issue with this and that’s why
> it’s dropping the frames, while Cisco IOS switch is absolutely fine and
> forwards the traffic back to the client w/o much of a consideration.
>
> Is there any easy way to force Radiator to add the same attributes to
> the Challenge as NPS?
>
> Thanks.
>
>
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>


-- 
Sami Keski-Kasari <sam...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
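
Added example, not part of the original thread and not Radiator or Juniper code: a Python check that lists the AVPs in a captured Access-Challenge and verifies Message-Authenticator as RFC 3579 defines it for replies, so two servers' responses can be compared attribute by attribute. The shared secret, Request Authenticator, State value and both packets are constructed sample data, and `build_challenge` exists only to produce them.

```python
import hashlib, hmac, struct

NAMES = {24: "State", 27: "Session-Timeout", 79: "EAP-Message", 80: "Message-Authenticator"}

def parse_avps(packet):
    """Return [(type, value_offset, value)] for a RADIUS packet, validating lengths."""
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    avps, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        avps.append((packet[pos], pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return avps

def audit_reply(packet, request_auth, secret):
    """List the AVPs in a reply and verify Message-Authenticator per RFC 3579."""
    avps = parse_avps(packet)
    length = struct.unpack("!H", packet[2:4])[0]
    ma = [(off, val) for t, off, val in avps if t == 80 and len(val) == 16]
    valid = None  # None: no well-formed Message-Authenticator present
    if ma:
        off, val = ma[0]
        buf = bytearray(packet[:length])
        buf[4:20] = request_auth        # replies are keyed to the Request Authenticator
        buf[off:off + 16] = bytes(16)   # attribute value is zeroed while computing the HMAC
        valid = hmac.compare_digest(hmac.new(secret, bytes(buf), hashlib.md5).digest(), val)
    return {"avps": [NAMES.get(t, str(t)) for t, _, _ in avps],
            "eap_without_ma": any(t == 79 for t, _, _ in avps) and not ma, "ma_valid": valid}

def build_challenge(ident, request_auth, secret, avps, with_ma=True):
    """Construct a sample Access-Challenge (code 11); test data for this example only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    if with_ma:
        body += bytes([80, 18]) + bytes(16)
    head = struct.pack("!BBH", 11, ident, 20 + len(body))
    if with_ma:
        body = body[:-16] + hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

SECRET = b"constructed-shared-secret"            # constructed
REQ_AUTH = bytes(range(16))                      # constructed Request Authenticator
EAP_START = bytes([1, 1, 0, 6, 25, 0x20])        # EAP Request, Id 1, PEAP, Start flag, version 0
FULL = build_challenge(1, REQ_AUTH, SECRET,      # the attribute set the post lists for NPS
                       [(27, struct.pack("!I", 30)), (79, EAP_START), (24, b"constructed-state")])
BARE = build_challenge(1, REQ_AUTH, SECRET, [], with_ma=False)   # a reply with no AVPs
```
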