PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is never entered for access reject
Alan DeKok
aland at deployingradius.com
Thu Jul 8 14:30:06 CEST 2010
Fads Afds wrote:
> Hi Fellows,
>
> I have configured FreeRadius 2.1.8 running on SLES 11 for PEAP/MSCHAPv2. MySQL is used for user database. I have tested using "eapol_test" and win/XP SP3 supplicant.
> Accounting data can be received & stored to radacct table.
> Inner-server can successfully accept user with accumulated session time quota not exceeded and reject user with accumulated session time quota exceeded.
> My problem:
> I expect to store accept or reject log with rejecting message to radpostauth table.
> For access-accept case, sql inside post-auth {} of inner-tunnl is invoked and logging message is written to radpostauth table as expected.
> For access-reject cases (username not existed in db, wrong username, accumulated session time quota exceeded, etc), Post-Auth-Type REJECT {} of inner-tunnel is never entered. What is wrong? Any help? Thanks in advance.
The server does not currently run the "Post-Auth-Type Reject" when in
the inner tunnel. Instead, it is run in the default virtual server,
outside of the tunnel.
Alan DeKok.
More information about the Freeradius-Users
mailing list