A bit of help using the rlm_rest module with django-freeradius
Marty E. Plummer
hanetzer at startmail.com
Mon Nov 19 03:29:42 CET 2018
On Sun, Nov 18, 2018 at 08:05:15PM -0500, Alan DeKok wrote:
> On Nov 18, 2018, at 7:06 PM, Marty E. Plummer <hanetzer at startmail.com> wrote:
> > On Sun, Nov 18, 2018 at 09:43:05AM +0000, Adam Bishop wrote:
> >> Just send the freeradius debug log please.
> > I figured a replicatable setup in the form of docker would be enough.
> While documenting your system is useful, we're not going to build a clone of your docker image just to see what's going on with it.
> We ask for the debug output because we need it. All of the documentation says this, over and over and over again.
Fair. Though the docker images are pretty small relatively speaking.
> > However, some time after sending the initial email I managed to get it
> > figured out. Basically I had to move the rest stuff into inner-tunnel so
> > the eap stuff is decrypted/whatever so I could obtain User-Name and
> > User-Password for the rest authentication. Everything works now, so I
> > suppose the ml served as a bit of a rubber-duckie for me to work out my
> > own issues.
> If you run the server in debugging mode, you will see that the outer session doesn't have a User-Password attribute. But the inner one does. So... the conclusion is to move the REST call to the inner tunnel.
Could have sworn I mentioned that. Maybe I said it in the irc channel,
but yes, the problem was that User-Password was not available outside
the inner-tunnel. Turns out the django-freeradius project is meant for
use with captive-portals and not wpa2-eap (though by moving the REST
calls to the inner-tunnel apparently makes it usable outside of the
(btw, is irc.freenode.net/#freeradius official?)
> And that's why we say to run the server in debug mode. Because once you do that, many common problems become simple to debug.
Yeah, up until I determined to move the REST call into the inner tunnel
the freeradius server was only in debug mode.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users