Eap in v4
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Mar 21 09:50:36 CET 2018
> On Mar 21, 2018, at 7:35 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Mar 20, 2018, at 7:17 PM, Aleksandr Stepanov <alex-eri at ya.ru> wrote:
>>
>> solution comes faster if asked)
>>
>> authenticate mschap {
>> mschap
>> }
>
> An even faster solution is "don't destroy the default configuration". Over-writing the v4 configuration with files from v3 is wrong. If you want to upgrade, read raddb/README.md
>
> And repeat after me: Use the default configuration. It works.
Really though...
Again V4 is in a state of flux, one thing you're going to run into in particular with PEAP is that yields aren't yet supported from the inner-tunnel server to the outer server.
So if you attempt to use rlm_rest, rlm_radius or rlm_delay in the inner tunnel the server will likely hang, SEGV, or hit an assert.
This has been fixed for EAP-TLS, but EAP-TLS doesn't currently use a child request to run the virtual server, so you'll find any policies that used to reference things as &outer.<foo> won't work. This will be fixed, and at that point all your policies will break (again).
So you're welcome to use v4, but it's at your own risk. Don't expect it to be configuration or policy stable.
-Arran
More information about the Freeradius-Users
mailing list