Wolfgang Burger wrote:
The output:
mac339:~ system$ sudo radiusd -X FreeRADIUS Version 2.0.0-pre2, for host powerpc-apple-darwin8.10.0,
Hmm... grab the latest CVS version. It's now called 2.0.0-beta, and it much better than -pre2. See raddb/sites-available/, and eap.conf for samples of virtual servers. You can control the inner-tunnel authentication COMPLETELY separately from everything else. ...
Sending Access-Request of id 196 to XXX.XXX.XXX.XXX port 1645 ... EAP-Message = 0x0200000c0162757267657277
You've configured it to proxy the OUTER session, not the inner one. $ cd raddb/sites-enabled $ ln -s ../sites-available/inner-tunnel $ cd ../.. $ vi eap.conf (un-comment "virtual_server = inner-tunnel". $ vi sites-available/inner-tunnel In the "authorize" section, add: update control { Proxy-To-Realm := "realm..." } And probably delete everything else from the "authorize" section. This will tell the server to proxy the inner tunnel section to somewhere else...
Thank you for your help Alan. I wish any commercial product would have a support as good as yours.
<g> Some may argue. But they're WRONG! Alan DeKok.