hi,
but still have some issues. I am now testing through an eduroam web-sign-in, where the actual main requests will come from. It appears
there is no such thing as eduroam web sign-in. captive portal eduroam was killed off back in the early days - pre 2012 are you talking about a site you have access to that allows some sort of testing functionality in your NRO (is that SAFIRE per chance?) - if so, it should not be using PAP , it should be using at least a PEAP mechanism (ideally it would support any EAP type supported by the home organisation so ensure the home org can test its users behaviour remotely). (as said in previous reply, your RADIUS server should be configured to drop incoming requests if they are not EAP
require_message_authenticator = no
and set those to 'yes' in your clients.conf
(1) User-Name = "mytextusername@my.domain.edu" (1) User-Password = "mypassinplaintext"
not an EAP request - so it wont get to your inner-server config (which , being from outside world should be a rather plain inner-server that doesnt do things like VLAN assignment based on groups etc etc) alan