Inner tunnel post auth question

Alan DeKok aland at deployingradius.com
Sat May 11 15:26:23 CEST 2013


Franks Andy (RLZ) IT Systems Engineer wrote:
> My FR version is 2.1.10+dfsg-3build2_amd64. Unless there’s a nice
> package for Ubuntu 12.04 server then I’ll be compiling from source then
> I think.

  Yes.  Upgrading would be good.

> so yes, the “use_tunneled reply” bit is there. Is that what’s causing
> the copying of attributes from within the tunnel to fail, or is that
> setting what it’s supposed to be?

  The "use_tunneled_reply" configuration only works for Access-Accept.

> I’m still getting my head around the
> eap thing – like for example why I need authorization and authentication
> settings in the inner-tunnel virtual server for eap again – my intuition
> would tell me that the inner eap just needs mschap in there if that’s
> the protocol inside the tunnel, but then perhaps it’s something to do
> with the “protection” bit of peap that means it’s a “tunnel within a
> tunnel” or something. Like I said still getting my head around it all.

  You need "eap" in the inner-tunnel because PEAP sends EAP in the
inner-tunnel.

> I’d still like to get the attributes copying from the inner to outer
> tunnels regardless of the fix in 2.2. It’s gnawing at me a bit.

  Well... if you want a feature from a later version of the server,
upgrade.  You can't magically create a feature without code changes.

  Alan DeKok.


More information about the Freeradius-Users mailing list