Discussion:
FreeRadius as PEAP proxy to IAS
Radim KUPKA
2008-01-06 11:16:23 UTC
Hi all,

I found a lot of useful information about this configuration on the
internet, but I still have a problem with this configuration.
I need PEAP terminated locally on FreeRadius and only mschapv2 redirected
to the IAS server for authentication.

Authentication server: FreeRadius.net version: 1.1.7
Supplicant: Win XP SP2 (with PEAP)
Authenticator: Ovislink WL-5460AP v2

- users.conf
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := Safeword

- proxy.conf
realm Safeword {
        type = radius
        authhost        = <ip>:1645
        accthost        = <ip>:1646
        secret          = <secret>
        }

- eap.conf
peap {
               default_eap_type = mschapv2
               proxy_tunneled_request_as_eap = no
}

Everything works OK: Ovislink sends the request to the FreeRadius server,
FreeRadius sends an Access-Request to IAS (mschapv2), IAS sends an
Access-Accept, but Ovislink received Access-Challenge from FreeRadius, one,
two, three ... and in the end authentication failed.

If I use the user database on FreeRadius everything works OK (Access-Request,
Access-Accept), no problem.

Is it possible to configure FreeRadius to only resend the reply from IAS to
Ovislink? Or do I have a problem with the configuration?

If you want, I can send you the configuration files and the log from debug mode.

I want this configuration because I want to use one-time password
authentication, but the Safeword plugin on Active Directory doesn't understand
the PEAP protocol.
The only way is to use FreeRadius as a proxy.

Thank you for your help.

Rgdrs,
Radim


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A***@lboro.ac.uk
2008-01-06 21:18:21 UTC
Hi,
Post by Radim KUPKA
> Everything works OK: Ovislink sends the request to the FreeRadius server,
> FreeRadius sends an Access-Request to IAS (mschapv2), IAS sends an
> Access-Accept, but Ovislink received Access-Challenge from FreeRadius, one,
> two, three ... and in the end authentication failed.

Proxied connection - by default you will probably have the default proxy
attributes set - which will filter out required attributes for successful
replies to be returned. You will need to add a new entry to 'trust' the
IAS return values - and have more attributes allowed through.

alan
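
Added example, not part of either post and not FreeRADIUS code: a simplified Python model of an allow-list reply filter of the kind the reply above describes, showing a proxied Access-Accept losing an attribute under a DEFAULT-only rule set and keeping it once a realm entry exists. The rule text, the sample reply and the choice of MS-CHAP2-Success as the attribute the tunneled MS-CHAPv2 exchange needs back are assumptions; only the realm name Safeword comes from the thread.

```python
import operator

# Constructed allow-list in a realm/rule layout (simplified model, not a shipped file).
ATTRS_BEFORE = """\
DEFAULT
    Service-Type == Framed-User,
    Session-Timeout <= 28800,
    Reply-Message =* ANY
"""
# Same rules plus a hypothetical entry for the thread's realm name "Safeword".
ATTRS_AFTER = ATTRS_BEFORE + """\
Safeword
    MS-CHAP2-Success =* ANY,
    Session-Timeout <= 28800,
    Reply-Message =* ANY
"""
OPS = {"==": operator.eq, "<=": operator.le, ">=": operator.ge}

def parse_attrs(text):
    """Return {realm: [(attribute, op, value), ...]} from the rule text."""
    realms, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # unindented line starts a realm entry
            current = realms.setdefault(line.strip(), [])
        else:                          # indented line is one rule of that entry
            current.append(tuple(line.strip().rstrip(",").split(None, 2)))
    return realms

def rule_allows(op, wanted, actual):
    if op == "=*":                     # presence check: any value passes
        return True
    if op in ("<=", ">="):             # numeric bound on the reply value
        return OPS[op](int(actual), int(wanted))
    return OPS[op](actual, wanted)

def filter_reply(realms, realm, reply):
    """Keep only attributes some rule allows; unknown realms use DEFAULT."""
    rules = realms.get(realm, realms.get("DEFAULT", []))
    return {n: v for n, v in reply.items()
            if any(r == n and rule_allows(op, want, v) for r, op, want in rules)}

def dropped(realms, realm, reply):
    return sorted(set(reply) - set(filter_reply(realms, realm, reply)))

# Constructed Access-Accept as it might come back from the home server.
REPLY = {"MS-CHAP2-Success": "S=<constructed>", "Session-Timeout": "3600",
         "Reply-Message": "ok", "Class": "0x00"}
```

Calling `dropped(parse_attrs(ATTRS_BEFORE), "Safeword", REPLY)` lists what the DEFAULT rules strip; the realm entry passes only the named attributes and keeps the bound on Session-Timeout, so the home server is trusted for no more than it needs to return.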