On Tue, Sep 11, 2012 at 3:54 PM, Mihajlo Joksimovic <mihajlo.joksimovic@adfinis-sygroup.ch> wrote:
IPhone test: rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21, length=197 Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec
Service-Type = Framed-User User-Name = "nadine.bosshard" Framed-MTU = 1488 Called-Station-Id = "204E7FE98EF3:TCSVO-Intern" Calling-Station-Id = "9803D861E85C" NAS-Identifier = "aptcsvo02" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02000014016e6164696e652e626f737368617264 NAS-IP-Address = 10.119.12.2 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 20 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
There should be other lines before that. Like the ones that says it's using inner-tunnel?
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false] ++[unix] returns reject
Did you read that line? You have "unix" in authorize section of inner tunnel. And user nadine.bosshard is not allowed to login to the system (invalid shell). FR does the right thing. Comment-out that line in inner tunnel. Your radlogin test succeed because you don't have "unix" in authorize section of default virtual server. See how important complete debug logs are? ... and seriously, upgrade. There are many known bugs fixed since 2.0.x. And if you can edit the configuration freely by hand, you should be able to upgrade. -- Fajar