On 04/04/12 18:34, Fajar A. Nugraha wrote:
@Glen, can you try testing with simple PAP? This is to isolate EAP-related problem.
You probably need to use radclient to manually add Calling-Station-Id attribute to the request. Look at the end of "radtest" program (which is a shell script) to see an example how to use radclient.
I've just tried with radclient: echo "User-Name = user01, Password = pass01, Calling-Station-Id = 98-4B-4A-F5-BF-40" | radclient -s localhost:1812 auth testing123 successfully authenticates the user using rlm_sql and pap. Changing the MAC to a different value fails the SQL query and authentication as expected. Going back to the access point, I can now understand that the failure is happening inside the inner-tunnel virtual server. First the authorize section is called which does the SQL query but can't match the user, then the authenticate section which fails because there's no password set. 5 minutes of googling later I found a pointer to copy_request_to_tunnel in the peap section of eap.conf and my client devices started authenticating. Many thanks to everyone who helped. Regards, glen.