Default entry to allow all
Fajar A. Nugraha
fajar at fajar.net
Wed Feb 3 03:01:34 CET 2010
On Wed, Feb 3, 2010 at 6:44 AM, Godfrey Peart <grpeart at googlemail.com> wrote:
> I know, that's what baffling me, under my normal setup I get the TLS tunnel
> established and authentication works fine, but here there is no TLS setup
> just
> an accept mesage that matches the default entry but the client doesn't
> connect.
> Do I need to do any other tweaking concerning the peap setup
Ah, OK.
My guess is it's from the default server. If your client insists on
EAP, then perhaps you can create another instance of files module
(named files2 or whatever), change it to point to a new users file
(usersfile = ${confdir}/users2), then use that module inside
sites-enabled/inner-tunnel. The original users file should be left as
it is (no DEFAULT Auth-Type), while users2 file is edited to have that
entry.
... or perhaps you could simply edit sites-enabled/inner-tunnel, on
autorize section add these
update control {
Auth-Type = Accept
}
update reply {
whatever-attribute-you-need-here = some-value
}
--
Fajar
More information about the Freeradius-Users
mailing list