Ah sorry, here's the rest of it: [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 42 Using Post-Auth-Type Reject -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 09:49 To: FreeRadius users mailing list Subject: RE: Terminate EAP-TTLS then proxy On 13 June 2017 09:19:21 BST, adrian.p.smith@bt.com wrote:
Thanks for the tips, this has got me a lot further. My default server now does the EAP work and passes the Access-Request to the inner-tunnel, but I think I need one last thing as it doesn't want to proxy it:
server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel
What does the rest of the debug output say? Proxying happens after this. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html