post-auth not being entered in inner-tunnel
olivier at heliosnet.org
Wed Mar 13 14:05:03 CET 2013
On 13.03.2013 12:46, Alex Sharaz wrote:
> I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel post-auth in order to write user-name some other attributes into a back end mysql database server and it all works. If I've got non-eap requests coming in , the "default" site deals with it. If I've got eap-based requests coming in the inner-tunnel deals with them. About a week ago I downloaded the latest 2.2 code from git.freeradius, built that and upgraded one of my FR2.2 servers. Since then I can't see an invocation of post-auth within the inner-tunnel. I can see it for the "default" site but not the inner-tunnel. Everything else seems to work but not that. Same hardware platform, same config files just different FR code.
> I've generated two radius -X dumps, vsn220.log and vsn221.log on my test server. The only raw client accessing this server is the switch my mac is sitting on configured to do macauth and 802.1x on my ethernet port. By simply disconnecting and reconnecting my mac I've generated a macauth followed by an 802.1x auth. In both files you can see post-auth being invoked for the default site. but only the vsn220.log file has a corresponding post-auth for the inner-tunnel.
> It may be that there's something else I've configured wrong that is only showing up in van 2.2.1 (ish). Should I be sending these traces to the free radius list or is there another address I can email them to
Sounds weird. But again hard to tell without a radius -X output. Just
send it here on the list, a complete request output, and maybe the
relevant virtual-server configuration snippet
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users