Inner tunnel post auth question

Franks Andy (RLZ) IT Systems Engineer Andy.Franks at sath.nhs.uk
Mon May 13 18:05:23 CEST 2013


Hi,
  The upgraded freeradius works fine, no surprise there I guess. Can't get any updated control, reply or whatever attributes to pass back to the default virtual server from the tunnel though, try as I might. Perhaps it's something to do with it being PEAP? I tried the authorize section and post auth section, but it never makes it through.
It's not really critical at this point, just annoying me. I'm sure it's something I need to do differently but I'm not sure what.
Thanks
Andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 11 May 2013 14:26
To: FreeRadius users mailing list
Subject: Re: Inner tunnel post auth question

Franks Andy (RLZ) IT Systems Engineer wrote:
> My FR version is 2.1.10+dfsg-3build2_amd64. Unless there’s a nice
> package for Ubuntu 12.04 server then I’ll be compiling from source then
> I think.

  Yes.  Upgrading would be good.

> so yes, the “use_tunneled reply” bit is there. Is that what’s causing
> the copying of attributes from within the tunnel to fail, or is that
> setting what it’s supposed to be?

  The "use_tunneled_reply" configuration only works for Access-Accept.

> I’m still getting my head around the
> eap thing – like for example why I need authorization and authentication
> settings in the inner-tunnel virtual server for eap again – my intuition
> would tell me that the inner eap just needs mschap in there if that’s
> the protocol inside the tunnel, but then perhaps it’s something to do
> with the “protection” bit of peap that means it’s a “tunnel within a
> tunnel” or something. Like I said still getting my head around it all.

  You need "eap" in the inner-tunnel because PEAP sends EAP in the
inner-tunnel.

> I’d still like to get the attributes copying from the inner to outer
> tunnels regardless of the fix in 2.2. It’s gnawing at me a bit.

  Well... if you want a feature from a later version of the server,
upgrade.  You can't magically create a feature without code changes.

  Alan DeKok.
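
The two settings discussed in this thread, as an added configuration sketch that is not from either poster. It assumes the stock FreeRADIUS 2.x layout (`eap.conf` and `sites-available/inner-tunnel`), a `files` user store, and a constructed `Reply-Message` value.

```conf
# Constructed sketch, not from either poster. Layout follows the stock
# FreeRADIUS 2.x eap.conf and sites-available/inner-tunnel files.

# --- eap.conf (outer EAP module; the tls section PEAP depends on is not shown) ---
eap {
    default_eap_type = peap

    peap {
        # EAP type carried inside the TLS tunnel
        default_eap_type = mschapv2

        # Send the inner server's reply attributes to the NAS.
        # Per the thread, this only works for Access-Accept.
        use_tunneled_reply = yes

        # Virtual server that processes the tunnelled request
        virtual_server = "inner-tunnel"
    }

    mschapv2 {
    }
}

# --- sites-available/inner-tunnel ---
server inner-tunnel {
    authorize {
        mschap
        # The tunnelled request is itself an EAP message (EAP-MSCHAPv2),
        # so the eap module has to run here as well as in the outer server.
        eap {
            ok = return
        }
        # Assumed user store; replace with the module that holds your passwords.
        files
    }

    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }

    post-auth {
        # Constructed value: an inner reply attribute that
        # use_tunneled_reply carries to the outer reply on success.
        update reply {
            Reply-Message := "inner-tunnel accept"
        }
    }
}
```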