Let me just say I got 802.1x working with PEAP/MSCHAPv2 -> NTLM 
authentication....

The issue is we have 2 domains on our network and want to be able to have the 
single 802.1x authentication, sorted by domain, authenticate and return the 
correct VLAN for the user... I couldn't figure out a way to do it with LDAP2 as 
apparently LDAP2 doesn't like MSCHAPv2/PEAP, only PAP, for whatever reason... So 
NTLM I went to, and it works, but that meant I had to join the Linux server to 
the domain, and only 1 domain per server.

To solve this I followed someone's recommendation to have a second RADIUS 
server (VM) that's on the other domain that just checks domains, and the first 
server will proxy the request to it... simple enough...

The issue is it doesn't work: the secondary RADIUS sends the Access-Accept but 
for some reason the main server doesn't seem to handle the challenge/accept 
process correctly anymore and the sign-in process just hangs on the wireless...

So now I'm 110% lost and don't know what else could be the issue...

If you can take a look at this and help me out with where I'm going wrong, it 
would be greatly appreciated.

Good login with primary server doing NTLM: http://pastebin.com/Vimm88Ya

Login that's hanging, being processed from remote RADIUS: http://pastebin.com/Lj3MCset

Config: http://pastebin.com/UCr2vMdk

Thanks,
Chris
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
