[RADIATOR] Eduroam, Radiator and MS NPS

Heikki Vatiainen hvn at open.com.au
Mon Jul 9 16:03:04 CDT 2012


On 07/08/2012 04:37 PM, Safonov Roman wrote:

> Now we have a WPA-2 Enterprise wireless network that is authenticated with
> Windows NPS/AD. We use a Juniper wireless controller and it works as PEAP
> off-load, so I don’t need to use Radiator as a PEAP server because I
> receive MSCHAP credentials to Radiator and according to a realm
> (subdomain) forward them to an appropriate MS NPS.
> 
> We have 25-30 subdomains so I’ve built Radiator with realms for each
> subdomain and it works.
> 
> Now I need to connect Eduroam to this scheme. But Eduroam sends me
> all data (outer, inner etc.) and I need to work as a full PEAP-MSCHAP server.
> 
> OK. I’ve built one more proxy Radiator server (for tests) and it
> forwards RADIUS-MSCHAP requests to the main Radiator. And here I receive
> “Request Denied”.

From the log:

Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown
mschaptype 3

The client is sending unexpected tunnelled EAP-MSCHAP-V2 success.

Can you try without 'Fork' and 'Synchronous' options? They should not be
needed. If it does not work after that, please send a log showing what
happens.

> Below is my radius.cfg file:
> 
> <Handler ConvertedFromEAPMSCHAPV2=1>
>         <AuthBy RADIUS>
>                 Fork
>                 Synchronous

Forking may be causing problems with EAP state when a new radiusd
instance is created.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
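
The following is an added illustration, not part of the original message and not Radiator's code: a minimal model of why an inner EAP-MSCHAP-V2 Success from the client is only acceptable to a server that still holds the state of the earlier exchange. It assumes that "mschaptype 3" in the log is the EAP-MSCHAPv2 OpCode 3 (Success); the Conversation class, its state names and the packet bodies are hypothetical and constructed.

```python
import struct

EAP_RESPONSE = 2
EAP_TYPE_MSCHAPV2 = 26  # EAP method type for EAP-MSCHAPv2
OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

def build(code, ident, opcode, body=b""):
    """Build a constructed EAP-MSCHAPv2 packet (sample data, not a capture)."""
    return struct.pack("!BBHBB", code, ident, 6 + len(body),
                       EAP_TYPE_MSCHAPV2, opcode) + body

def parse(packet):
    """Return (eap_code, opcode) after validating the EAP header."""
    if len(packet) < 6:
        raise ValueError("too short for EAP-MSCHAPv2")
    code, _ident, length, eap_type, opcode = struct.unpack("!BBHBB", packet[:6])
    if length != len(packet) or eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("malformed or non-MSCHAPv2 EAP packet")
    return code, opcode

class Conversation:
    """Hypothetical server-side state for one inner EAP-MSCHAPv2 exchange."""
    def __init__(self):
        self.state = "challenge_sent"  # server has already sent OpCode 1

    def on_peer_packet(self, packet):
        code, opcode = parse(packet)
        name = OPCODES.get(opcode, str(opcode))
        if code == EAP_RESPONSE and self.state == "challenge_sent" and opcode == 2:
            self.state = "success_sent"  # assume the password check passed
            return "accept Response, send Success"
        if code == EAP_RESPONSE and self.state == "success_sent" and opcode == 3:
            self.state = "done"
            return "accept Success acknowledgement"
        return f"reject: unexpected {name} in state {self.state}"

def demo():
    response = build(EAP_RESPONSE, 1, 2, b"\x00" * 54)  # dummy response body
    success_ack = build(EAP_RESPONSE, 2, 3)              # 6-byte Success response
    kept = Conversation()
    results = [kept.on_peer_packet(response), kept.on_peer_packet(success_ack)]
    lost = Conversation()  # a process that never saw the earlier Response
    results.append(lost.on_peer_packet(success_ack))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third result is the interesting one: the same Success packet that completes the exchange for the instance that kept its state is rejected by the instance that did not.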



