Default vs Inner-tunnel concepts
Tom Yard
tomyyard at gmail.com
Fri Oct 20 16:21:54 CEST 2017
Dear, I've read about defining a separate inner-tunnel virtual server and I
did this:
In the "wifi" virtual server I call the "wifi-tunnel" virtual server:
    if (LDAP-Group == "WiFi") {
        update control {
            Virtual-Server := "wifi-tunnel"
        }
        ok
    }
    else {
        reject
    }
}
In the "wifi-tunnel" virtual server:
    if (LDAP-Group == "WiFi-Corp") {
        update reply {
            Reply-Message = "Access enabled"
        }
        ok
    }
    else {
        reject
    }
But in debug I see this warning, so the "wifi" virtual server doesn't call the
"wifi-tunnel" virtual server, so I think I don't have the EAP with TLS
capability. I have FreeRADIUS 2.2.5:
WARNING: You are modifying the value of virtual attribute Virtual-Server.
This is not supported.
Did I do this the wrong way?
Thanks a lot,
TOM
2017-10-19 11:08 GMT-03:00 Alan DeKok <aland at deployingradius.com>:
> On Oct 19, 2017, at 9:51 AM, Tom Yard <tomyyard at gmail.com> wrote:
> >
> > OK Alan, thank you... but suppose I need to create a second custom
> > virtual server for EAP with TLS too, called for example "wifi" and
> > "wifi-tunnel"... where do I have to define them in order to be read?
>
> The better question is why do you need to do that, and what are you
> trying to do?
>
> > client 10.2.0.1 {
> >     secret = secret
> >     shortname = WLC
> >     nastype = cisco
> >     virtual_server = wifi
> >     virtual_server = wifi-tunnel
> > }
> >
> > Is this OK ?
>
> No. You can't list "virtual_server" twice, and expect it to magically
> work. The default configuration doesn't do this, either.
>
> The references to "inner-tunnel" are in raddb/mods-available/eap. Go
> read the comments there to see how it works.
>
> Alan DeKok.
>
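The arrangement described in the reply above, as an added configuration sketch that is not part of the original thread: each client names exactly one (outer) virtual server, and the tunneled EAP methods in the eap module configuration (raddb/mods-available/eap in 3.x, raddb/eap.conf in 2.x) name the inner one. The server names and group come from the post; the file layout and a working ldap module instance are assumptions.

```conf
# clients.conf: one virtual_server per client, and it is the outer server.
client 10.2.0.1 {
    secret         = secret
    shortname      = WLC
    nastype        = cisco
    virtual_server = wifi
}

# eap module configuration: the tunneled methods select the inner server.
# Only the relevant setting is shown; everything else stays as shipped.
eap {
    ttls {
        virtual_server = "wifi-tunnel"
    }
    peap {
        virtual_server = "wifi-tunnel"
    }
}

# sites-enabled/wifi: outer server, runs the EAP conversation with the NAS.
server wifi {
    authorize {
        eap
    }
    authenticate {
        eap
    }
}

# sites-enabled/wifi-tunnel: inner server, sees the tunneled identity.
server wifi-tunnel {
    authorize {
        # assumption: an "ldap" module instance is already configured
        ldap
        if (LDAP-Group == "WiFi-Corp") {
            update reply {
                Reply-Message = "Access enabled"
            }
            ok
        }
        else {
            reject
        }
    }
    # remaining sections: copy from the shipped inner-tunnel server
}
```

The inner server is never selected with `update control { Virtual-Server := ... }`; the eap module hands the tunneled request to it, which is why the warning in the post appears.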