Good morning, I have been studying the configuration of the file sites-available/inner-tunnel and making some tests. I have found that the "files" check in the authorize section made my configuration not to work as desired because, as Alan said, inside the TLS tunnel the huntgroup check was failing. As the users file is checked on the first requests received, and the wrong huntgroup filtered out, it is not necessary to check it again inside the tunnel. I have removed it from my configuration and it is working ok now. Just wanted to update how my question got resolved. Thank you very much again for your help. Regards, * Oscar Remírez de Ganuza Satrústegui* Servicios Informáticos (Área de Infraestructuras) Universidad de Navarra Tel. +34 948425600 x3130 http://www.unav.es/SI/ On Fri, Jan 20, 2012 at 12:43 PM, Oscar Remírez de Ganuza Satrústegui < oscarrdg@unav.es> wrote:
On Fri, Jan 20, 2012 at 12:18 PM, Alan DeKok <aland@deployingradius.com>wrote:
Oscar Remírez de Ganuza Satrústegui wrote:
I can see in the "not working log" that on the first requests the huntgroup is been recognised ok. I just do not understand why it tries again to check it, until it fails (request #9).
Because it's checking the user *inside* of the TLS tunnel. Go read raddb/sites-available/inner-tunnel. You will probably need to modify your huntgroup check.
Ok, I will have a look at it and try to make it checking at the correct order.
I also do not understand why it needs so many requests (12!) to work ok.
That's how 802.1X works. It sends lots of packets.
Thank you very much for your fast answer, I really appreciate it.
Alan DeKok. <http://www.freeradius.org/list/users.html>
*Oscar Remírez de Ganuza Satrústegui* Servicios Informáticos (Área de Infraestructuras) Universidad de Navarra Tel. +34 948425600 x3130 http://www.unav.es/SI/