On 10/09/2012 09:44 PM, James Zee wrote:
> Unfortunately, however, when we proxy our EAP requests through Radiator,
> NPS sends an ACCESS-REJECT back without much logging. From what I can
> tell, NPS is not responding because the RADIUS message that is proxied
> through Radiator does not have a valid NAS port type.
>
> Shouldn't the proxied request include a NAS port type? Is there a way to
> "fake" or append a NAS port type to the RADIUS request?
You can take the NAS-Port-Type from the original, outer RADIUS request
with this:
AddToRequest NAS-Port-Type=%{OuterRequest:NAS-Port-Type}
Add the option to the Handlers that take care of requests marked with
TunnelledByPEAP=1 and ConvertedFromEAPMSCHAPV2=1
That should take care of NAS-Port-Type problem if you want or need to
continue proyxing to NPS.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
