On 25.11.2016 1.00, rohan.henry cwjamaica.com wrote:

It seems Radiator is not receiving expected response after sending
access-challenge to NAS (Telrad station).

Does my radiator response look ok?

It does look ok for PEAP. You are receiving EAP-Response/Identity to which Radiator responds with EAP-Request/PEAP-Start. This looks like normal PEAP authentication start.

What happens then is that the RADIUS client sends again the same request. I'd say this means the response from Radiator is dropped, ignored or, in general, does not reach the RADIUS client (or maybe the device trying the authenticate with EAP-TTLS).

Maybe the request is dropped because Radiator tries to start PEAP and only EAP-TTLS is supported and the client does not know how to send NAK and request EAP-TTLS.

See that your configuration does not have EAPType set to PEAP. Plain 'EAPType TTLS' should be enough.

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to