Thanks Phil, it's ok now. On Thu, May 17, 2012 at 3:14 PM, Phil Mayers <p.mayers@imperial.ac.uk>wrote:
On 05/17/2012 05:07 AM, C.F. Yeung wrote:
I have added a new eap_new with the other cert in eap.conf and tried the unlang policy. But, it still goes to my existing eap/cert. MAC address and IP are masked by x.
+- entering group authorize {...} ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") ? Evaluating (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE ++- entering if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") {...} [eap_new] EAP packet type response id 5 length 253 [eap_new] Continuing tunnel setup. +++[eap_new] returns ok ++- if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup.
You didn't do what I said. You're still running the "eap" module. You need:
authorize { ... if ( ... ) { eap_new } else { eap } ...
}
++[eap] returns ok
Found Auth-Type = eap_new Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'testuser'
READ the debug output please!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html <http://www.freeradius.org/list/users.html>