On Thu, Nov 12, 2015 at 07:14:32PM +0800, Tim Chen wrote:
3. EAP(PEAP) I use eapol_test to test identity="john" PASS identity="john@eduroam.example.edu" FAIL!!
Have you still got this config? passwd passwdf1 { filename = /home/radius/passwd1 format = "*Stripped-User-Name:NT-Password:" as you need to look up Stripped-User-Name in the passwd file, not User-Name.
User-Name = "john@eduroam.example.edu" server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] Looking up realm "eduroam.example.edu" for User-Name = " john@eduroam.example.edu" [suffix] Found realm "eduroam.example.edu" [suffix] Adding Stripped-User-Name = "john" [suffix] Adding Realm = "eduroam.example.edu" [suffix] Proxying request from user john to realm eduroam.example.edu
What Alan said - how is your proxying defined? Is eduroam.example.edu your local realm or remote? It is very unlikely you want to be proxying in the inner tunnel. In which case make sure you've still got update control { Proxy-To-Realm := LOCAL } there.
[suffix] Preparing to proxy authentication request to realm " eduroam.example.edu" ++[suffix] = updated ++update control { ++} # update control = noop [eap] EAP packet type response id 9 length 27 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [files] file_common ++[files] = noop ++[passwdf1] = notfound
See config above - if you are looking for User-Name then that will explain why this is notfound. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>