Hi,
/var/log/radius-eduroam/radacct/127.0.0.1/auth-detail-20161017 [auth_log] expand: %t -> Mon Oct 17 15:05:33 2016 ++[auth_log] = ok [suffix] Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" [suffix] No such realm "ash-berlin.eu"
so, a realm you are trying to auth isnt defined in the proxy.conf as one of your own eg realm ash-berlin.eu { }
[files] users: Matched entry DEFAULT at line 1
what is on line 1 of your users file?(I shudder to think....)
Found Auth-Type = Perl Found Auth-Type = EAP Warning: Found 2 auth-types on request for user
yes....see that warning. you are forcing rhe server to do something - eg Auth-Type is being manually set. you shouldnt need to do that...
++? if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) -> FALSE
as you can see, this policy you have isnt matching. if you have the relam defined, you can just check for %{Realm} being populated...nice and easy. now, the debug never shows an access-accept or reject.....the server never ends up in an inner-tunnel. what is the PERL script for? does it need to be called for an EAP auth in the outer phase? you need to streamline the policy so only calls to relevant modules are called in the outer phase and only the bits you need (once EAP tunnel has been configured, client happy with cert from server etc) are called.... alan