Thanks Alan, Setting use_tunneled_reply = yes solved the issue. Interesting to note, that I didn't change this option in radius version 2.1.12 and access-accept still returned vlan and filter-id values. On the other note, can you tell which attribute i could match in access-request message in order to differentiate between 802.1x request and lets say ssh login to network device ? Thanks again, Vlad On Wed, Mar 9, 2016 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 9, 2016, at 3:38 PM, Vlad Kratsberg <vkratsberg@gmail.com> wrote:
Correction regarding version 3.0.4:
The correct output is in peap section, it keeps insisting on mschap
after
performing the following change:
The server can request GTC. The client can still choose MS-CHAP.
Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no
You probably want to set this to "yes". That will cause the inner tunnel reply to be sent in the final Access-Accept
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html