On Tue, Jan 19, 2016 at 02:42:44PM -0500, Alan DeKok wrote:
On Jan 19, 2016, at 12:54 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
Adding in the new "inner_eap_module" option to the outer PEAP section fixes it (inner_eap_module = "outer-eep")
Is that a typo? Are you sure it isn't "inner_eap_module = "inner-eap"
Er, dunno - I was just trying things to get the server to start, not knowing exactly what inner_eap_module actually does. I didn't check that it would actually authenticate anything ;-) I have eap outer-eap { default_eap_type = peap ... tls-config tls-common-outer { ... } # permit plain eap-tls tls { tls = tls-common-outer virtual_server = check-eap-tls } # for peap/eap-tls peap { tls = tls-common-outer default_eap_type = tls copy_request_to_tunnel = yes use_tunneled_reply = no virtual_server = "inner-tunnel" soh = yes soh_virtual_server = "soh-server" # added 'inner_eap_module = "outer-eap"' here } } eap inner-eap { default_eap_type = tls ... tls-config tls-common-inner { ... } # for inner eap-tls tls { tls = tls-common-inner virtual_server = check-eap-tls } } Is 'inner_eap_module' overriding 'virtual_server = "inner-tunnel"', or just setting which module to call in the outer authenticate section? I assumed the latter. m. -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>