[RADIATOR] eap auth against active directory

Heikki Vatiainen hvn at open.com.au
Wed Oct 10 04:10:19 CDT 2012


On 10/09/2012 09:44 PM, James Zee wrote:

> Unfortunately, however, when we proxy our EAP requests through Radiator,
> NPS sends an ACCESS-REJECT back without much logging. From what I can
> tell, NPS is not responding because the RADIUS message that is proxied
> through Radiator does not have a valid NAS port type.
> 
> Shouldn't the proxied request include a NAS port type? Is there a way to
> "fake" or append a NAS port type to the RADIUS request?

You can take the NAS-Port-Type from the original, outer RADIUS request
with this:

  AddToRequest NAS-Port-Type=%{OuterRequest:NAS-Port-Type}

Add the option to the Handlers that take care of requests marked with
TunnelledByPEAP=1 and ConvertedFromEAPMSCHAPV2=1

That should take care of the NAS-Port-Type problem if you want or need to
continue proxying to NPS.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

