Hello, thanks for your answers. I upgraded to 3.0.12 and got debug output as attached. It seems strange that Windows 8 and 10 are able to connect while MacOS and Linux aren't. As far as I understand MacOS tries to use MS-CHAPv2 and this does not seem to work. It seems my perl auth script does not get a password through while using mschapv2. Am 2016-10-17 17:29, schrieb A.L.M.Buxey@lboro.ac.uk:
/var/log/radius-eduroam/radacct/127.0.0.1/auth-detail-20161017 [auth_log] expand: %t -> Mon Oct 17 15:05:33 2016 ++[auth_log] = ok [suffix] Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" [suffix] No such realm "ash-berlin.eu"
so, a realm you are trying to auth isnt defined in the proxy.conf as one of your own eg
realm ash-berlin.eu { }
Did that :)
[files] users: Matched entry DEFAULT at line 1 what is on line 1 of your users file?(I shudder to think....)
Found Auth-Type = Perl Found Auth-Type = EAP Warning: Found 2 auth-types on request for user yes....see that warning. you are forcing rhe server to do something - eg Auth-Type is being manually set. you shouldnt need to do that...
I read this in the readme of rlm_perl which I use - http://wiki.freeradius.org/modules/Rlm_perl [1] So I set DEFAULT Auth-Type := Perl Fall-Through = yes in the users (ok now it is mods-config/files/authorize) file. The rest is commented out. If I take this entry out login via Windows fails, too.
++? if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) -> FALSE as you can see, this policy you have isnt matching. if you have the relam defined, you can just check for %{Realm} being populated...nice and easy.
Which would be the appropriate file to do this?
now, the debug never shows an access-accept or reject.....the server never ends up in an inner-tunnel.
what is the PERL script for? does it need to be called for an EAP auth in the outer phase? you need to streamline the policy so only calls to relevant modules are called in the outer phase and only the bits you need (once EAP tunnel has been configured, client happy with cert from server etc) are called....
The perl script is for a custom type of authentication only. I have difficulties understanding what inner and outer identity are. Do you have a good hint on what to read to fully understand this? With kind regards, Marlen Caemmerer -- ************************************************ Alice Salomon Hochschule Computerzentrum Marlen Caemmerer Alice-Salomon-Platz 5 12627 Berlin Email: caemmerer@ash-berlin.eu ************************************************ Links: ------ [1] http://wiki.freeradius.org/modules/Rlm_perl