On 10/26/2011 03:10 PM, Mike Puchol wrote: > I just realized you said 4.7 -- you can upgrade to 4.8, or 4.9 which was > recently released, and which includes many improvements to EAP such as: > > "Fixed an issue with TTLS and PEAP: When inner authentication is > proxied, e.g. EAP-MSCHAP-V2 to MS NPS, NPS sends back State. If > Radiator does not return State, proxying inner auth fails." > > May not be your issue, but it helps to have the latest version or the > one below + patches if you're not a risky type ;-)
This fix becomes useful when you configure EAP_PEAP_MSCHAP_Convert (see 4.9 ref.pdf section "5.20.44 EAP_PEAP_MSCHAP_Convert") and proxy the resulting conventional MSCHAPv2 to an external Microsoft NPS RADIUS server. >From the NPS viewpoint Radiator is a NAS and when the NPS adds a State attribute in the Access-Challenge it sends back to Radiator, it expects Radiator to reply with the same State. This fix makes Radiator to honor better keeping track of received State as expected from a NAS. Thanks! Heikki > Cheers, > > Mike > --- > s: mikepuchol > t: @mikepuchol > > On Wednesday, October 26, 2011 at 1:25 PM, Ronald Pérez wrote: > >> Hi Guys, >> >> I'm running radiator 4.7, when i tried an EAP authentication i got >> this message. >> >> Reply-Message = "EAP authentication is not permitted." >> >> Do you know what's the cause? >> >> Best regards, >> Ronald >> >> _______________________________________________ >> radiator mailing list >> [email protected] <mailto:[email protected]> >> http://www.open.com.au/mailman/listinfo/radiator > > > > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
