2 Certs for 2 SSID (802.1x)
Phil Mayers
p.mayers at imperial.ac.uk
Thu May 17 09:14:57 CEST 2012
On 05/17/2012 05:07 AM, C.F. Yeung wrote:
> I have added a new eap_new with the other cert in eap.conf and tried the
> unlang policy. But, it still goes to my existing eap/cert. MAC address
> and IP are masked by x.
>
> +- entering group authorize {...}
> ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam")
> ? Evaluating (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
> ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
> ++- entering if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") {...}
> [eap_new] EAP packet type response id 5 length 253
> [eap_new] Continuing tunnel setup.
> +++[eap_new] returns ok
> ++- if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") returns ok
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "testuser", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 5 length 253
> [eap] Continuing tunnel setup.
You didn't do what I said. You're still running the "eap" module. You need:
authorize {
...
if ( ... ) {
eap_new
}
else {
eap
}
...
}
> ++[eap] returns ok
> Found Auth-Type = eap_new
> Found Auth-Type = EAP
> Warning: Found 2 auth-types on request for user 'testuser'
READ the debug output please!
More information about the Freeradius-Users
mailing list