Hi,
Examples of the code that I am running. I included a pastebin for the 3000 lines of radius -X output. WORKING RADTEST LINE radtest -t mschap daniel.radius passw0rd 127.0.0.1 0 testing123
radtest is a basic non EAP tool. therefore the authentication doesnt use the EAP module, therefore inner-tunnel isnt used....all you need to configure is stuff in 'default' (out of the box) or whatever you've called your non EAP virtual server
DEFAULT SITE AUTHENICATE SECTION authenticate {
fine.... testing from a client using 802.1X will activate the EAP module...and, with the default config you will see that hits the other virtual server - inner-tunnel - so THAT virtual server needs configuring. now, note, pay careful attention to the debug output....as the innerID info may be different to the outerID info - may have no realm in it...so stripped-user-name isnt populated etc. this needs to be dealt with. the debug output is big...but most of it can be skipped...you can clearly follow the RADIUS conversation in the output...remember, when the packet comes to the server it goes through the whole engine..all policies , from the start...so there is a lot of duplication (if there are no changes). you can skip straight to the part where is tells you its now using inner-tunnel (ie EAP has been started up and theres no big EAP-Message attributes being chucked around.... ignore those (for now, thats more advanced) - just look at the basics...like what the server is doing for authorize/authenticate in the inner tunnel. it DOES suddenly become easier and comprehensible (unlike those magic eye pictures which I've never been able to see) alan