inner/outer Tunnel attributes of TTLS/MS-CHAPv2

To: freeradius-users@lists.freeradius.org
Subject: inner/outer Tunnel attributes of TTLS/MS-CHAPv2
From: Vincent Magnin <Vincent.Magnin@unil.ch>
Date: Mon, 04 Feb 2008 10:18:25 +0100
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
User-agent: Internet Messaging Program (IMP) H3 (4.2-cvs)

Hello All,

I've an issue with passing attributes from EAP TTLS MS-CHAPv2 to outer:

My /etc/raddb/users contains:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
        User-Name := `%{User-Name}`,
        Fall-Through = yes

And my eap ttls module contains:

copy_request_to_tunnel = yes
use_tunneled_reply = yes



The user-name and Tunnel-* are not rewiten/copied to the outer.

This isssue is only with MS-CHAP, not PAP.

Running version: freeradius-1.0.1-3.RHEL4.5

radius -X :
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 39
modcall: group Auth-Type returns ok for request 39
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 39
radius_xlat:  '/var/log/radius/radacct/127.0.0.1/reply-detail-20080204'

rlm_detail:/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%dexpands to /var/log/radius/radacct/127.0.0.1/reply-detail-20080204

  modcall[post-auth]: module "reply_log" returns ok for request 39
modcall: group post-auth returns ok for request 39
  TTLS: Got tunneled reply RADIUS code 2
        User-Name := "vmagnin@unil.ch"
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "16"
        Tunnel-Medium-Type:0 = IEEE-802

MS-CHAP2-Success =0x5b533d31464345343644464444343239353838433043363243464630463638363938363532333336314637

        MS-MPPE-Recv-Key = 0xcf199064e5ce16501ad868646e8e7b3c
        MS-MPPE-Send-Key = 0x053e079625529879fe9f4f1cb9b7ad47
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000004
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 39
modcall: group Auth-Type returns ok for request 39
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 39
radius_xlat:  '/var/log/radius/radacct/130.223.222.60/reply-detail-20080204'

rlm_detail:/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%dexpands to /var/log/radius/radacct/130.223.222.60/reply-detail-20080204

  modcall[post-auth]: module "reply_log" returns ok for request 39
modcall: group post-auth returns ok for request 39
Sending Access-Accept of id 60 to 130.223.222.60:1645

MS-MPPE-Recv-Key =0xc9abc77f52aa954231989e3bc26c35b2b6f6578dec2fe6b1bf06e9fb1b75740fMS-MPPE-Send-Key =0xe940dd6f47a1a7102d876dacf2f36385a5e717f96372d87256b5e6c1c3ba962b

        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous"
Finished request 39

Follow-Ups:
- Re: inner/outer Tunnel attributes of TTLS/MS-CHAPv2
  - From: Alan DeKok <aland@deployingradius.com>

Previous by Date: Re: EAP-ttls tunnel inner outer authentication credential management
Next by Date: Re: How to connect to mySql
Previous by Thread: Re: Including files in from the dictionary files
Next by Thread: Re: inner/outer Tunnel attributes of TTLS/MS-CHAPv2
Freeradius-Users February 2008 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.