AW: AW: postproxy breaks eap authentication
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 17 15:35:57 CET 2010
On 17/11/10 14:27, hans.bornemann at tu-dortmund.de wrote:
>
> The default config is working, I wrote that in the first mail. IF I make this additional config, then eap is broken:
>
> /etc/freeradius/sites-enabled/default:
> ....
> post-proxy {
> post_proxy_log
> #attr_rewrite
> attr_filter.post-proxy
> eap
> # Post-Proxy-Type Fail {
> # detail
> # }
>
> /etc/freeradius/attrs:
>
> tu-dortmund.de
> Tunnel-Private-Group-ID :=8,
> Fall-Through = Yes
>
> DEFAULT
> Tunnel-Type := VLAN,
> Tunnel-Medium-Type := IEEE-802
>
>
Yes, BECAUSE YOU HAVE BROKEN EAP.
Did you read my email?
EAP requires the EAP-Message, Message-Authenticator and other
attributes. You have configured the attribute filter to remove them. So
EAP is breaking.
Fix your broken attribute filter. Look at the /etc/raddb/attrs file that
comes with FreeRadius.
More information about the Freeradius-Users
mailing list