(RADIATOR) PEAP config and proxying
Hugh Irvine
hugh at open.com.au
Tue Apr 15 19:07:12 CDT 2003
Hello Rute -
Thanks for sending the debug and configuration.
You say below that users who authenticate without the "mydomain.xpto"
suffix are successful - I am having trouble understanding how this
would happen given the configuration you show below. I would have
thought that any usernames without a realm suffix would get proxied by
the <Handler> clause.
I also don't understand the second series of Access-Requests you
receive:
> Code: Access-Request
> Identifier: 44
> Authentic: ,<24><204><152><219><28>8<7><215><7><171>b<218><141><253>|
> Attributes:
> cisco-avpair = "ssid=xpto"
> NAS-IP-Address = 192.168.1.1
> Called-Station-Id = "000bfd8bf299"
> Calling-Station-Id = "000bbe2ce5df"
> NAS-Identifier = "AP1200-8bf299"
> NAS-Port = 37
> Framed-MTU = 1400
> NAS-Port-Type = 19
> EAP-Message =
> <2><10><0>&<25><0><23><3><1><0><27><248><26><237><192><193>><172><29><1
> 99>D<181>2Al<18>$Z<247>UQ<240><229>b%><174><161>
> Message-Authenticator =
> W@<215><168><2><149><15><237><17><19><127><239><240><241><2><222>
>
These appear to be some special form of request from the access point?
Thanks for any clarification.
regards
Hugh
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list