Fwd: Radius attributes sent in the wrong packet

Matthew Newton mcn4 at leicester.ac.uk
Wed May 14 11:59:22 CEST 2014 

On Wed, May 14, 2014 at 11:06:01AM +0200, Jan-Ivar Hansen wrote:
> Below is the Freeradius -X output, but please let me know if there is any
> more info I should provide:

You really should send the whole output of radiusd -X (starting
from the copyright notice) as the top bit provides information
needed.

I'm guessing here, but in your eap.conf file (or mods-enabled/eap,
if you're running v3) you need to set

peap {
     use_tunneled_reply = yes
}

by default is is no, so unneeded attributes set in the inner
tunnel are not propagated back to the outer (and therefore to the
NAS).

Matthew


> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "1074"
> Tunnel-Type:0 = VLAN
> Filter-Id = "ext_kenneth"
> EAP-Message = 0x010600221a0106001d10256bbeb94704e7c7167dca04979c1e626b656e6f6c73656e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xf91b84c8f91d9eac41ebdf4972430c9b
> [peap] Got tunneled reply RADIUS code 11
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "1074"
> Tunnel-Type:0 = VLAN
> Filter-Id = "ext_kenneth"
> EAP-Message = 0x010600221a0106001d10256bbeb94704e7c7167dca04979c1e626b656e6f6c73656e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xf91b84c8f91d9eac41ebdf4972430c9b
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 209 to 10.200.30.210 port 32773
> EAP-Message = 0x0106004b1900170301004064907aed054cfeccb100a980d466367158a766137fa38a3068cd4b89bb7ecba7a1b1c77482d4827899cf0ff2145ccfff18987b4c1e92a5268799359040077654
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x89791f5d8c7f06e31f4b857d445452c2
> Finished request 59.
> Going to the next request
> Waking up in 4.8 seconds.


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list