We had a similar problem at the University - it turned out to be NPS deciding that it was a person not a machine authenticating and rejecting it out of hand.
If you could send us a copy of the configuration file and the associated trace 4 debug we'll take a look.

regards

Hugh

On 12 Oct 2012, at 17:11, James Zee <[email protected]> wrote:

> Thanks again for your helpful responses.
>
> We seem to have everything working by proxying requests to NPS. We're running
> into one final issue, however, that I can't seem to figure out.
>
> Host-based authentication is failing. Specifically, Radiator is throwing an
> error that indicates:
>
>     for user host/blah.somewhere.com: PEAP Authentication Failure
>
> Any thoughts on why this may be happening? The only difference between the
> ntlm_auth wireless Radiator configuration and this one is the RADIUS proxy
> directive.
>
> -james
>
>
> On Wed, Oct 10, 2012 at 5:10 AM, Heikki Vatiainen <[email protected]> wrote:
> On 10/09/2012 09:44 PM, James Zee wrote:
>
> > Unfortunately, however, when we proxy our EAP requests through Radiator,
> > NPS sends an ACCESS-REJECT back without much logging. From what I can
> > tell, NPS is not responding because the RADIUS message that is proxied
> > through Radiator does not have a valid NAS port type.
> >
> > Shouldn't the proxied request include a NAS port type? Is there a way to
> > "fake" or append a NAS port type to the RADIUS request?
>
> You can take the NAS-Port-Type from the original, outer RADIUS request
> with this:
>
>     AddToRequest NAS-Port-Type=%{OuterRequest:NAS-Port-Type}
>
> Add the option to the Handlers that take care of requests marked with
> TunnelledByPEAP=1 and ConvertedFromEAPMSCHAPV2=1
>
> That should take care of NAS-Port-Type problem if you want or need to
> continue proxying to NPS.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator

--

Hugh Irvine
[email protected]
