Phil Mayers wrote:
> On 29/08/13 18:16, Alan DeKok wrote:
>
>>i.e. set "proxy_tunneled_request_as_eap = no"
>
> Although IIRC that *definitely* had issues in 2.1.10, right?
I don't recall... that was a long time ago, and I'm trying to get 3.0
out the door.
Alan DeKok.
-
List info/subscr
On 29/08/13 18:16, Alan DeKok wrote:
i.e. set "proxy_tunneled_request_as_eap = no"
Although IIRC that *definitely* had issues in 2.1.10, right?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 29/08/13 18:16, Alan DeKok wrote:
Phil Mayers wrote:
[peap] Got tunneled request
EAP-Message = 0x02090006031a
0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
Doh, yes, brain fade. TBH this page could be clearer:
http://www.iana.org/assignments/eap-num
Robert Roll wrote:
> If I actually look at the proxy-inner-tunnel I see the following for
> post-proxy..
The post-proxy stage has NOTHING to do with the home server. If the
home server rejects the request, the issue is WAY before the
post-process stage.
> I see that eap needs be invoked if us
Phil Mayers wrote:
> [peap] Got tunneled request
> EAP-Message = 0x02090006031a
>
> 0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
> ...which the proxy server then rejects:
>
> rad_recv: Access-Reject packet from host 155.97.185.76 port 1812, id=71,
> length=4
On 29/08/13 17:01, Robert Roll wrote:
Ok, Below is the TCP dump. I have attached the Freeradius Debug output beginning
near the start of the proxy..
The problem here is pretty straightforward, but not obvious from the
debugs since FR is just proxying.
Basically, the client sends the inner EA
freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] on behalf
of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Thursday, August 29, 2013 9:38 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2 proxy from innertunnel
On 29/08/13 15:56, Robert Roll wrote:
>
s-bounces+robert.roll=utah@lists.freeradius.org] on behalf
of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Thursday, August 29, 2013 7:58 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2 proxy from innertunnel
On 29/08/13 14:35, Robert Roll wrote:
> I'm t
On 29/08/13 15:56, Robert Roll wrote:
I guess I assumed the id: in the TCP dump below was the "EAP Response
Identifier" maybe not ? Is there a different
EAP response identifier ?
Yes, in the EAP-Message attribute (EAP packet)
I actually have been running with debug radius -X. Obvio
On Thu, Aug 29, 2013 at 02:56:44PM +, Robert Roll wrote:
> I guess I assumed the id: in the TCP dump below was the "EAP Response
> Identifier" maybe not ? Is there a different
> EAP response identifier ?
That is the id of the radius packet. EAP lives insided radius packet AVPs
called EA
_
From: freeradius-users-bounces+robert.roll=utah@lists.freeradius.org
[freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] on behalf
of Martin Kraus [lists...@wujiman.net]
Sent: Thursday, August 29, 2013 8:11 AM
To: FreeRadius users mailing list
Subject: Re: EAP-Peap-
On Thu, Aug 29, 2013 at 01:35:25PM +, Robert Roll wrote:
> I'm getting an EAP error response from the other server about it not liking
> the
> id number
>
> "Supplicant sent unmatched EAP response packet identifier"
EAP Response identifier sent by the client has to match EAP Request
On 29/08/13 14:35, Robert Roll wrote:
I'm trying to do a proxy from the inner-tunnel over to another radius server.
The primary reason for this is that we need to strip off the realm before
passing to the proxy.
I'm getting an EAP error response from the other server about it not liking
the
13 matches
Mail list logo
