On Jan 12, 2017, at 8:41 AM, Arno Tarpin <arno.tarpin@gmail.com> wrote:
Thanks for your answer,
I try many thing and I finally found the problem :
...
I change the
eap {
default_eap_type = ttls
to
eap {
default_eap_type = mschapv2
That just changes EAP method negotiation. It should have zero effect on *success* of authentication. If your users are authenticating via TTLS, this change just makes the authentication take longer.
and add in the mschapv2 :
mschapv2 {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
All of that is wrong. It does *nothing*. You should delete the contents of that section, and go back to using the default configuration. You can't just copy configuration items from one place to another. The configuration is documented *extensively* in the comments. On top of that, run "radiusd -X" and read the output. You'll see the "mschapv2" section being parsed, and that none of the configuration you added is being printed out. Why? Because it's not used.
This work for me but I still don't know why, for me *default_eap_type = ttls* at the begin should point to :
ttls {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
Which point to the module/mschap file ?
Anyway now it's seem to work, Thanks you for your support !
Whatever you did, the changes above didn't affect anything. And I don't recommend people making these changes. Again, making random changes to the configuration is entirely the wrong approach. You need to understand what the configuration does. You need to read the debug output. You need to configure things to work. Alan DeKok.