________________________________ From: Alan Buxey <alan.buxey@gmail.com>
send me your virtual server configs. There will be some obvious thing there.
I'm supposing you mean my virtual_server defined in the eap module? It refers to inner-tunnel, and it's content follows: server inner-tunnel { listen { ipaddr = 127.0.0.1 port = 18120 type = auth } authorize { filter_username custom_split_username_nai chap mschap suffix update control { &Proxy-To-Realm := LOCAL } eap { ok = return } files -ldap expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } mschap eap } session { radutmp } post-auth { if (0) { update reply { User-Name !* ANY Message-Authenticator !* ANY EAP-Message !* ANY Proxy-State !* ANY MS-MPPE-Encryption-Types !* ANY MS-MPPE-Encryption-Policy !* ANY MS-MPPE-Send-Key !* ANY MS-MPPE-Recv-Key !* ANY } update { &outer.session-state: += &reply: } } Post-Auth-Type REJECT { attr_filter.access_reject update outer.session-state { &Module-Failure-Message := &request:Module-Failure-Message } } } pre-proxy { } post-proxy { eap } } policy.d/canonicalization contains: custom_nai_regexp1 = '^(\w+)@(.*)$' custom_nai_regexp = '^(.*)\\(\w+)$' custom_split_username_nai { if (&User-Name && (&User-Name =~ /${policy.custom_nai_regexp1}/)) { update request { &Stripped-User-Name := "%{1}" &Stripped-User-Domain = "%{2}" } updated } else { if (&User-Name && (&User-Name =~ /${policy.custom_nai_regexp}/)) { update request { &Stripped-User-Name := "%{2}" &Stripped-User-Domain = "%{1}" } updated } else { noop } } }