Thanks for your answer; I've been testing FreerRadius authentication against
Active Directory with Microsoft RRAS setting FreeRadius as the RADIUS server
for it and the authentication worked and as for the next step I'll go on
configuring my Fortigate firewall to use FreeRadius as a RADIUS server; I'll
send the output from radiusd -X for you.
By the way, right now I'm testing something else called ZeroShell which as well
is using FreeRadius (config files at /etc/raddv.v2). It has a nice web
interface and includes the accounting feature I'm looking for. Anyone knows how
to get it integrated with Active Directory?
-----------------------
Regards, Alireza
>________________________________
> From: "[email protected]" <[email protected]>
>To: FreeRadius users mailing list <[email protected]>
>Sent: Friday, January 25, 2013 2:40 PM
>Subject: Re: Quick question about RFC 3579 2.6.5
>
>Hi,
>
>> Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a
>> Reply-Message. I understand the point on this based on the RFC.
>
>check RFC 5080 - which updates that RFC. however, your reply message is
>not going on as part of the EAP conversation....you are sending the reply
>message to the outer-tunnel as part of the reject...no within the inner-tunnel
>EAP session...so there shouldnt be any EAP message around (but hey, who knows?
>! ;-) )
>
>just run in debug mode (radiusd -X) and check/see what packets and contents
>you are sending
>
>
>dont worry too much - some RADIUS servers break all the specs with regards to
>contents of some packets...at least FreeRADIUS gives you the chance to behave
>( I assume you are running the attr filter on access requests to keep the
>contents
>legal? ;-) )
>
>alan
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
