[RADIATOR] Cannot process multiple AuthBy sections during authentication request

Tuure Vartiainen vartiait at open.com.au
Mon Oct 2 13:57:02 UTC 2017


Hi Stephan,

> On 2 Oct 2017, at 13.48, <S.Schwarz at lumc.nl> <S.Schwarz at lumc.nl> wrote:
> 
> I saw the disclaimer saying EAP_MSCHAPv2_UseMultipleAuthBys should be avoided, but instead try to use EAP_PEAP_MSCHAP_Convert.
> What would normally be the recommended situation to use the EAP_PEAP_MSCHAP_Convert at?
> 

When you are proxying requests to RADIUS server which does not support EAP-MSCHAPv2 but 
can still handle ordinary RADIUS-MSCHAPV2.

http://www.open.com.au/radiator/ref/EAP_PEAP_MSCHAP_Convert.html#EAP_PEAP_MSCHAP_Convert


Currently, EAP_MSCHAPv2_UseMultipleAuthBys is a kind of a workaround, but should not be needed 
in a future.

> 
> Since we share our infrastructure, we use a proxy RADIUS server (also radiator) in order to forward the requests to the customer network for request handling. Would the best practice generally be to use the convert part at the proxy or on the validating RADIUS server?
> 

To do the conversion at the proxying RADIUS server.


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.



More information about the radiator mailing list