Mike Brennan wrote:
From the previous e-mail I put the sql query in the inner-tunnel (this was confirmed by Alan), however, I think this maybe incorrect - I believe it should go in the default file (AM I CORRECT?)
(a) you can wander around making random changes to "fix" things, or (b) you can understand what's going on. It's not hard. And no, I'm not going to spoon-feed you. The answer is in front of you. It's in the debug logs you posted. Have you read them, looking for "inner-tunnel"?
The other test fails - see the following two files: rfc4590_freeradius_debug and the radiusclient_rfc4590. The authentication fails, I suspect that the attributes passed seems to cause FreeRadius to reject the authentication. Not sure whether it is the client causing the trouble with erroneous setting of the attributes or whether Freeradius is interpreting them incorrectly
FreeRADIUS doesn't implement RFC 4590. So far as I've seen, no one else does, either.
It would be good to get to the bottom of the problem with using RFC 4590 - I hope the debug files help. In the debug some fields are set as removed - this is what I replaced sensitive information with.
What client are you using to generate the digest authentication? Alan DeKok.