On 07/08/2012 04:37 PM, Safonov Roman wrote: > Now we have WPA-2 Enterprise wireless network that authenticated with > Windows NPS/AD. We use Juniper wireless controller and it works as PEAP > off-load so I don’t need to use Radiator as PEAP server because I > receive MSCHAP credentials to Radiator and according to a realm > (subdomain) forward them to an appropriate MS NPS. > > We have 25-30 subdomains so I’ve built Radiator with realms for each > subdomain and it works. > > Now I need to connect Eduroam to this scheme. But Eduroam sends to me > all data (outer, inner etc.) and I need to work as full PEAP-MSCHAP server. > > OK. I’ve built one more proxy Radiator server (for tests) and it > forwards RADIUS-MSCHAP requests to the main Radiator. And here I receive > “Request Denied”.
>From the log: Sun Jul 8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown mschaptype 3 The client is sending unexpected tunnelled EAP-MSCHAP-V2 success. Can you try without 'Fork' and 'Synchronous' options? They should not be needed. If it does not work after that, please send a log showing what happens. > Below my radius.cfg file: > > <Handler ConvertedFromEAPMSCHAPV2=1> > <AuthBy RADIUS> > Fork > Synchronous Forking may be causing problems with EAP state when a new radiusd instance is created. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
