[RADIATOR] Reply-Message = "EAP authentication is not permitted."

Heikki Vatiainen hvn at open.com.au
Wed Oct 26 15:00:36 CDT 2011


On 10/26/2011 03:10 PM, Mike Puchol wrote:

> I just realized you said 4.7 -- you can upgrade to 4.8, or 4.9 which was
> recently released, and which includes many improvements to EAP such as:
> 
> "Fixed an issue with TTLS and PEAP: When inner authentication is
> proxied, e.g. EAP-MSCHAP-V2 to MS NPS, NPS sends back State. If
> Radiator does not return State, proxying inner auth fails."
> 
> May not be your issue, but it helps to have the latest version or the
> one below + patches if you're not a risky type ;-)

This fix becomes useful when you configure EAP_PEAP_MSCHAP_Convert (see
4.9 ref.pdf section "5.20.44 EAP_PEAP_MSCHAP_Convert") and proxy the
resulting conventional MSCHAPv2 to an external Microsoft NPS RADIUS server.

From the NPS viewpoint Radiator is a NAS and when the NPS adds a State
attribute in the Access-Challenge it sends back to Radiator, it expects
Radiator to reply with the same State. This fix makes Radiator keep
better track of the received State, as expected from a NAS.

Thanks!
Heikki

> Cheers,
> 
> Mike
> ---
> s: mikepuchol
> t: @mikepuchol
> 
> On Wednesday, October 26, 2011 at 1:25 PM, Ronald Pérez wrote:
> 
>> Hi Guys,
>>
>> I'm running Radiator 4.7. When I tried an EAP authentication I got
>> this message.
>>
>> Reply-Message = "EAP authentication is not permitted."
>>
>> Do you know what's the cause?
>>
>> Best regards,
>> Ronald
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au <mailto:radiator at open.com.au>
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
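
The State handling described in the reply above, shown as an added example that is not part of the original message and is not Radiator's code: a client acting as a NAS parses an Access-Challenge and copies the State attribute unmodified into its next Access-Request (RFC 2865). The packet contents, the user name and the function names are constructed for illustration; the MSCHAPv2 and Message-Authenticator attributes a real request carries are left out.

```python
import os
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11   # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_STATE = 1, 24         # RFC 2865 attribute types


def encode_packet(code, ident, authenticator, attrs):
    """Serialise a RADIUS packet: 20-byte header, then type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), authenticator) + body


def decode_packet(data):
    """Return (code, identifier, [(type, value), ...]); reject malformed lengths."""
    if len(data) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", data[:20])
    if length < 20 or length > len(data):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        t, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((t, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs


def next_request(challenge, user_name, ident):
    """Build the Access-Request answering a challenge, echoing State unmodified."""
    code, _ident, attrs = decode_packet(challenge)
    if code != ACCESS_CHALLENGE:
        raise ValueError("not an Access-Challenge")
    echoed = [(t, v) for t, v in attrs if t == ATTR_STATE]
    # A fresh random Request Authenticator is used for every Access-Request.
    return encode_packet(ACCESS_REQUEST, ident, os.urandom(16),
                         [(ATTR_USER_NAME, user_name)] + echoed)


# Constructed sample challenge; the all-zero authenticator is a placeholder.
SAMPLE_STATE = b"\x00\x17constructed-state"
SAMPLE_CHALLENGE = encode_packet(ACCESS_CHALLENGE, 7, bytes(16),
                                 [(ATTR_STATE, SAMPLE_STATE)])
```

State is opaque to the client, so it is copied byte for byte, including any non-printable octets.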

