Good morning,<br><br>I have been studying the configuration of the file sites-available/inner-tunnel and making some tests. I have found that the "files" check in the authorize section made my configuration not to work as desired because, as Alan said, inside the TLS tunnel the huntgroup check was failing.<br>
<br>As the users file is checked on the first requests received, and the wrong huntgroup filtered out, it is not necessary to check it again inside the tunnel. I have removed it from my configuration and it is working ok now.<br>
<br>Just wanted to update how my question got resolved.<br><br>Thank you very much again for your help.<br><br>Regards,<br clear="all"><font><font color="#888888"><b><br>Oscar Remírez de Ganuza Satrústegui</b> <br>
Servicios Informáticos (Área de Infraestructuras)<br>
Universidad de Navarra <br>
Tel. <a value="+34948425600">+34 948425600</a> x3130<br>
<a href="http://www.unav.es/SI/" target="_blank">http://www.unav.es/SI/</a></font></font><br>
<br><br><div class="gmail_quote">On Fri, Jan 20, 2012 at 12:43 PM, Oscar Remírez de Ganuza Satrústegui <span dir="ltr"><<a href="mailto:oscarrdg@unav.es">oscarrdg@unav.es</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Fri, Jan 20, 2012 at 12:18 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br></div><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
<div>Oscar Remírez de Ganuza Satrústegui wrote:<br> <br></div></div></blockquote><div class="im"><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
> I can see in the "not working log" that on the first requests the<br>
> huntgroup is been recognised ok. I just do not understand why it tries<br>
> again to check it, until it fails (request #9).<br>
<br>
</div> Because it's checking the user *inside* of the TLS tunnel. Go read<br>
raddb/sites-available/inner-tunnel. You will probably need to modify<br>
your huntgroup check.<br></blockquote></div><div><br>Ok, I will have a look at it and try to make it checking at the correct order.<br> </div><div class="im"><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><br>
> I also do not understand why it needs so many requests (12!) to work ok.<br>
<br>
</div> That's how 802.1X works. It sends lots of packets.<br></blockquote></div><div><br>Thank you very much for your fast answer, I really appreciate it.<br> <br></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span><font color="#888888"><br>
Alan DeKok.<br>
<a href="http://www.freeradius.org/list/users.html" target="_blank"></a><br>
</font></span></blockquote></div><br><font><font color="#888888"><div class="im"><b>Oscar Remírez de Ganuza Satrústegui</b> <br></div><div class="im">
Servicios Informáticos (Área de Infraestructuras)<br>
Universidad de Navarra <br>
Tel. <a value="+34948425600">+34 948425600</a> x3130<br>
<a href="http://www.unav.es/SI/" target="_blank">http://www.unav.es/SI/</a></div></font></font><br>
</blockquote></div><br>