[RADIATOR] eap auth against active directory

James Zee jameszee13 at gmail.com
Fri Oct 12 01:11:09 CDT 2012


Thanks again for your helpful responses.

We seem to have everything working by proxying requests to NPS. We're
running into one final issue, however, that I can't seem to figure out.

Host-based authentication is failing. Specifically, Radiator is throwing an
error that indicates:

*for user host/blah.somewhere.com: PEAP Authentication Failure*


Any thoughts on why this may be happening? The only difference between the
ntlm_auth wireless Radiator configuration and this one is the RADIUS proxy
directive.

-james


On Wed, Oct 10, 2012 at 5:10 AM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 10/09/2012 09:44 PM, James Zee wrote:
>
> > Unfortunately, however, when we proxy our EAP requests through Radiator,
> > NPS sends an ACCESS-REJECT back without much logging. From what I can
> > tell, NPS is not responding because the RADIUS message that is proxied
> > through Radiator does not have a valid NAS port type.
> >
> > Shouldn't the proxied request include a NAS port type? Is there a way to
> > "fake" or append a NAS port type to the RADIUS request?
>
> You can take the NAS-Port-Type from the original, outer RADIUS request
> with this:
>
>   AddToRequest NAS-Port-Type=%{OuterRequest:NAS-Port-Type}
>
> Add the option to the Handlers that take care of requests marked with
> TunnelledByPEAP=1 and ConvertedFromEAPMSCHAPV2=1
>
> That should take care of the NAS-Port-Type problem if you want or need to
> continue proxying to NPS.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
>
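The check below is an added example, not part of the thread and not Radiator code: it parses the raw RADIUS payload of an outer request and of the request proxied to NPS, and reports whether the proxied one carries the same NAS-Port-Type, which is what the `AddToRequest` line quoted above is meant to ensure. The function names and the sample packets are constructed for illustration; attribute number 61 and value 19 (Wireless-802.11) are from RFC 2865.

```python
import struct

NAS_PORT_TYPE = 61      # attribute number, RFC 2865
WIRELESS_802_11 = 19    # NAS-Port-Type value, RFC 2865
USER_NAME = 1

def parse_attrs(packet):
    """Return [(type, value)] from a RADIUS packet, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def nas_port_type(packet):
    """Integer NAS-Port-Type value, or None when the attribute is absent."""
    for atype, value in parse_attrs(packet):
        if atype == NAS_PORT_TYPE and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None

def check_proxied(outer, proxied):
    """Compare the proxied request's NAS-Port-Type with the outer request's."""
    want, got = nas_port_type(outer), nas_port_type(proxied)
    if got is None:
        return "missing"
    return "ok" if got == want else "mismatch"

def build(attrs, code=1, ident=1):
    """Constructed sample Access-Request with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

name = (USER_NAME, b"host/blah.somewhere.com")
port = (NAS_PORT_TYPE, struct.pack("!I", WIRELESS_802_11))
OUTER = build([name, port])
PROXIED_BEFORE = build([name])        # constructed: Handler without AddToRequest
PROXIED_AFTER = build([name, port])   # constructed: Handler with AddToRequest
```
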