On Tue, Sep 11, 2012 at 3:54 PM, Mihajlo Joksimovic
<mihajlo.joksimovic@adfinis-sygroup.ch> wrote:
IPhone test:
rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21,
length=197
Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec
Service-Type = Framed-User
User-Name = "nadine.bosshard"
Framed-MTU = 1488
Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
Calling-Station-Id = "9803D861E85C"
NAS-Identifier = "aptcsvo02"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02000014016e6164696e652e626f737368617264
NAS-IP-Address = 10.119.12.2
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm
NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 0 length 20
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
There should be other lines before that. Like the ones that says it's
using inner-tunnel?
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
++[unix] returns reject
Did you read that line? You have "unix" in authorize section of inner
tunnel. And user nadine.bosshard is not allowed to login to the system
(invalid shell). FR does the right thing. Comment-out that line in
inner tunnel.
Your radlogin test succeed because you don't have "unix" in authorize
section of default virtual server.
See how important complete debug logs are?
... and seriously, upgrade. There are many known bugs fixed since
2.0.x. And if you can edit the configuration freely by hand, you
should be able to upgrade.