Good morning,
I have been studying the configuration of the file sites-available/inner-tunnel and making some tests. I have found that the "files" check in the authorize section made my configuration not to work as desired because, as Alan said, inside the TLS tunnel the huntgroup check was failing.
As the users file is checked on the first requests received, and the wrong huntgroup filtered out, it is not necessary to check it again inside the tunnel. I have removed it from my configuration and it is working ok now.
Just wanted to update how my question got resolved.
Thank you very much again for your help.
Regards,
Oscar Remírez de Ganuza Satrústegui
Servicios Informáticos (Área de Infraestructuras)
Universidad de Navarra
Tel. +34 948425600 x3130
http://www.unav.es/SI/
On Fri, Jan 20, 2012 at 12:18 PM, Alan DeKok <aland@deployingradius.com> wrote:Oscar Remírez de Ganuza Satrústegui wrote:
> I can see in the "not working log" that on the first requests theBecause it's checking the user *inside* of the TLS tunnel. Go read
> huntgroup is been recognised ok. I just do not understand why it tries
> again to check it, until it fails (request #9).
raddb/sites-available/inner-tunnel. You will probably need to modify
your huntgroup check.
Ok, I will have a look at it and try to make it checking at the correct order.
That's how 802.1X works. It sends lots of packets.
> I also do not understand why it needs so many requests (12!) to work ok.
Thank you very much for your fast answer, I really appreciate it.
Alan DeKok.
Oscar Remírez de Ganuza SatrústeguiServicios Informáticos (Área de Infraestructuras)
Universidad de Navarra
Tel. +34 948425600 x3130
http://www.unav.es/SI/