(RADIATOR) PEAP config and proxying

Rute Sofia rsofia at seas.upenn.edu
Tue Apr 15 05:32:04 CDT 2003


Hello Hugh,

actually, the problem seems a bit more complicated...I tried the new 
config and got the same result. What happens is this:

a) My users authenticate using username at mydomain.xpto;
b) their credentials are stored locally in the format username, i.e., 
*without* mydomain.xpto;
c) requests from  other domains are proxied to the central machine.

*If* users authenticate as "username", this works. However, if users 
authenticate in the form username at mydomain.xpto, this fails. I'm 
stripping off the domain part, as you can see in the config attached.
According to the logs, this seems to happen at some step during the peap 
negotiation, when the real user is obtained from within the eap message. 
In attach I send the log (traced) where it fails, and the current config:

Tue Apr 15 11:10:41 2003: DEBUG:  Deleting session for , 192.168.1.1, 37
Tue Apr 15 11:10:41 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Apr 15 11:10:41 2003: DEBUG: Handling with EAP: code 2, 9, 69
Tue Apr 15 11:10:41 2003: DEBUG: Response type 26
Tue Apr 15 11:10:41 2003: DEBUG: Radius::AuthFILE looks for match with 
user01 at mydomain.xpto
Tue Apr 15 11:10:41 2003: INFO: Access rejected for anonymous: EAP 
MSCHAP V2 failed
Tue Apr 15 11:10:41 2003: DEBUG: Access challenged for user01: EAP PEAP 
inner authentication redespatched to a Handler
Tue Apr 15 11:10:41 2003: DEBUG: Packet dump:

Anyhow, I'm including both the config, and the logs. Any ideas about 
what is going on?


Thanks,
Rute


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiuslog.txt
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030415/d2cbc317/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030415/d2cbc317/attachment.ksh>


More information about the radiator mailing list