Default vs Inner-tunnel concepts
Alan DeKok
aland at deployingradius.com
Fri Oct 20 16:34:04 CEST 2017
On Oct 20, 2017, at 10:21 AM, Tom Yard <tomyyard at gmail.com> wrote:
>
> Dear, I've read about define a separate inner-tunnel virtual server
The inner-tunnel virtual server is run from the "eap" module. Read raddb/mods-available/eap for more information.
> and I
> did this:
>
> In the "wifi" virtual server I call the "wifi-tunnel" virtual server:
>
> if (LDAP-Group == "WiFi") {
> update control {
> Virtual-Server := "wifi-tunnel"
That doesn't work.
You can't just magically set things, and expect them to do what you want.
The way the server works is documented. You can also read the debug output to see when the inner-tunnel virtual server is called.
> In "wifi-tunnel" virtual server:
>
> if (LDAP-Group == "WiFi-Corp") {
> update reply {
> Reply-Message = "Access enabled"
> }
> ok
> }
> else {
> reject
> }
And that won't work, either.
> But in debug I see this warning, so "wifi" virtual server doesn't call to
> "wifi-tunnel" virtual server, so I think I don't have the eap with TLS
> capacity, I have Freeradius 2.2.5:
2.2.5 supports EAP-TLS. All of the documentation and examples makes this VERY clear.
> WARNING: You are modifying the value of virtual attribute Virtual-Server.
> This is not supported.
>
> Did I do this in a wrong way ???
Yes.
I'll also note that I asked you a question, which you ignored:
>> The better question is why do you need to do that, and what are you
>> trying to do?
I asked the question because I was trying to help you. Answering it would not only be polite, but would help *you* solve whatever issue you're trying to solve.
If you're going to ignore the advice given on this list, I don't see why you would ask questions here.
Alan DeKok.
More information about the Freeradius-Users
mailing list