Trying to get tunneling to work
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS server. The IAS requests are authenticated by a Safeword server, which doesn't support 802.11. So the idea is that freeradius takes the request, proxies it to IAS as if it was a non-802.11 client, IAS passes it to the integrated Safeword server, and everything is happy. My configuration works from a 802.11 supplicant if the user exist locally in freeradius, but no proxying happens when the user doesn't exist locally. It doesn't appear to ever leave radiusd. What I hope is the relevant debug output is below. Please be nice, I am very new to RADIUS! If you could point out the issues you see and where to look for resolution I'd really appreciate it. If you need more info or the contents of any files, just ask. rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=90, length=253 User-Name = "mbernhardt" Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User Message-Authenticator = 0x6d0c7d1550b928f2c1e4819363b4c655 EAP-Message = 0x0209006b190017030100605b9dff6664aed05daf847f94f2c5653aeb8bd71c24eb8cb32250 7777f2326709a15aa5cca25c1fd4a80 78736d29db8a366c19e511ead9cd2464eea7d6c7c9ed1d334d140b044029ab54bad420b8a1a6 e09d0d98be53e16ce732e7ae903591d 65 NAS-Port-Type = Wireless-802.11 NAS-Port = 2948 State = 0x7986d88d7f8fc1cc817b41b32920e7cd NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900451a0209004031d64addabbce8df20ddb2b2bf5f76e1e00000000000000000b3641d 7bbaa84d8e02bd692d2b804b6eb8632 9e81e2c878c006d6265726e6861726474 server { PEAP: Setting User-Name to mbernhardt Sending tunneled request EAP-Message = 0x020900451a0209004031d64addabbce8df20ddb2b2bf5f76e1e00000000000000000b3641d 7bbaa84d8e02bd692d2b804b6eb8632 9e81e2c878c006d6265726e6861726474 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mbernhardt" State = 0xf069bb62f060a15804b7cea0a47025dc Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 2948 NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Not-EAP proxy set. Not composing EAP ++[eap] returns handled PEAP: Tunneled authentication will be proxied to safeword.eng PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Empty section. Using default return values. ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash. ERROR: Failed to proxy request 7 There was no response configured: rejecting request 7 Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> mbernhardt attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 90 to 192.168.7.139 port 1645
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS server. The IAS requests are authenticated by a Safeword server, which doesn't support 802.11. So the idea is that freeradius takes the request, proxies it to IAS as if it was a non-802.11 client, IAS passes it to the integrated Safeword server, and everything is happy.
My configuration works from a 802.11 supplicant if the user exist locally in freeradius, but no proxying happens when the user doesn't exist locally.
Read comments in peap section of eap.conf. Replace LOCAL in Proxy-To-Realm statement in inner-tunnel virtual server with the name of the realm pointing to IAS server. Ivan Kalik
-----Original Message----- From: tnt@kalik.net [mailto:tnt@kalik.net] Sent: Thursday, December 10, 2009 5:05 PM To: FreeRadius users mailing list Subject: Re: Trying to get tunneling to work
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS server. The IAS requests are authenticated by a Safeword server, which doesn't support 802.11. So the idea is that freeradius takes the request, proxies it to IAS as if it was a non-802.11 client, IAS passes it to the integrated Safeword server, and everything is happy.
My configuration works from a 802.11 supplicant if the user exist locally in freeradius, but no proxying happens when the user doesn't exist locally.
Read comments in peap section of eap.conf. Replace LOCAL in Proxy-To-Realm statement in inner-tunnel virtual server with the name of the realm pointing to IAS server. Ivan Kalik As far as I know, this is the case. It is replaced in the users file. I did a little cleanup on the other config files too. Here is the new output, though the result is the same. radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } realm safeword.eng { authhost = 192.168.30.29:1812 accthost = 192.168.30.29:1813 secret = Testing_Testing } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } radiusd: #### Loading Clients #### client 192.168.7.139/32 { require_message_authenticator = no secret = "Testing_Testing" } client 127.0.0.1/32 { require_message_authenticator = no secret = "testing123" } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Listening on proxy address 127.0.0.1 port 35452 Ready to process requests. rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=148, length=152 User-Name = "mbernhardt" Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User Message-Authenticator = 0x26cd48e5b9fc61664cee336cc1792ccc EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3292 State = 0xc871db2ccc76c2f4ed36eeb8b11d50cb NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 148 to 192.168.7.139 port 1645 EAP-Message = 0x0108002019001703010015ec4896e2cabf793395eed36c929b08a15179a89940 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc871db2ccd79c2f4ed36eeb8b11d50cb Finished request 21. Going to the next request Waking up in 2.2 seconds. rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=149, length=184 User-Name = "mbernhardt" Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User Message-Authenticator = 0x6a4dbd84e5ab9893eeba02d1c466b5f2 EAP-Message = 0x020800261900170301001be14c477ed7b3337d1f7a595cbfe47a98ceb6bbac01a2b8d714fb 21 NAS-Port-Type = Wireless-802.11 NAS-Port = 3292 State = 0xc871db2ccd79c2f4ed36eeb8b11d50cb NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - mbernhardt [peap] Got tunneled request EAP-Message = 0x0208000f016d6265726e6861726474 server { PEAP: Got tunneled identity of mbernhardt PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to mbernhardt Sending tunneled request EAP-Message = 0x0208000f016d6265726e6861726474 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mbernhardt" Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3292 NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] users: Matched entry DEFAULT at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Cancelling proxy to realm safeword.eng until the tunneled EAP session has been established [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900241a0109001f10421fda5c741f99bbbd660650209f40a16d6265726e6861726474 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3dd5fbf33ddce1440d05495c582e500e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 149 to 192.168.7.139 port 1645 EAP-Message = 0x0109003b190017030100307e4b0e6a672924f75bbb213a62d8e08842877ff9e84d690b7bf5 5531e4eced9572a2c0f4f230db301d3 ac0e43d4ec15e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc871db2cce78c2f4ed36eeb8b11d50cb Finished request 22. Going to the next request Waking up in 2.2 seconds. rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=150, length=238 User-Name = "mbernhardt" Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User Message-Authenticator = 0x29cb8c7c5e0ea13931129b5404267fbd EAP-Message = 0x0209005c19001703010051da572ed9a75ebdddd39a40408f8c6eb4f537f65470fba05b8b82 c174224dcd6de968b259232794f361d 51ab246ab8b41b50bd8dac1777fc412c4f78b4015250d700441464b71f7c27aa6c3901adfff3 1a7 NAS-Port-Type = Wireless-802.11 NAS-Port = 3292 State = 0xc871db2cce78c2f4ed36eeb8b11d50cb NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 92 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900451a0209004031b326572c085e1b042802b27f632ddc860000000000000000914fa3 c6b927312212cb1ae7675131d7f1a75 7e2a0deaeab006d6265726e6861726474 server { PEAP: Setting User-Name to mbernhardt Sending tunneled request EAP-Message = 0x020900451a0209004031b326572c085e1b042802b27f632ddc860000000000000000914fa3 c6b927312212cb1ae7675131d7f1a75 7e2a0deaeab006d6265726e6861726474 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mbernhardt" State = 0x3dd5fbf33ddce1440d05495c582e500e Framed-MTU = 1400 Called-Station-Id = "000a.f4e2.2a00" Calling-Station-Id = "0021.6a46.b0cc" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3292 NAS-IP-Address = 192.168.7.139 NAS-Identifier = "lks15w-ap350" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] users: Matched entry DEFAULT at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Not-EAP proxy set. Not composing EAP ++[eap] returns handled PEAP: Tunneled authentication will be proxied to safeword.eng PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Empty section. Using default return values. ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash. ERROR: Failed to proxy request 23 There was no response configured: rejecting request 23 Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> mbernhardt attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 23 for 1 seconds Going to the next request Waking up in 0.9 seconds.
Mike Bernhardt wrote:
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS server. The IAS requests are authenticated by a Safeword server, which doesn’t support 802.11. So the idea is that freeradius takes the request, proxies it to IAS as if it was a non-802.11 client, IAS passes it to the integrated Safeword server, and everything is happy.
OK.
ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash.
Hmm... which version are you using? That shouldn't happen in a released version of the code. Alan DeKok.
Sorry about the delay, I haven't been able to get back to this until today. I'm using 2.1.7. -----Original Message----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: Thursday, December 10, 2009 11:03 PM To: FreeRadius users mailing list Subject: Re: Trying to get tunneling to work Mike Bernhardt wrote:
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS server. The IAS requests are authenticated by a Safeword server, which doesn't support 802.11. So the idea is that freeradius takes the request, proxies it to IAS as if it was a non-802.11 client, IAS passes it to the integrated Safeword server, and everything is happy.
OK.
ERROR: Failed to create a new socket for proxying requests. ERROR: Failed inserting request into proxy hash.
Hmm... which version are you using? That shouldn't happen in a released version of the code. Alan DeKok.
Is that related to my problem, or did you just notice am unrelated bug? -----Original Message----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: Wednesday, December 16, 2009 1:45 PM To: FreeRadius users mailing list Subject: Re: Trying to get tunneling to work Mike Bernhardt wrote:
Sorry about the delay, I haven't been able to get back to this until today. I'm using 2.1.7.
OK, that issue should be fixed in 2.1.8. We should release it this week. Alan DeKok.
No, I meant that you'd asked me about the version because you noticed unexpected debug output due to a bug you say is fixed in 2.1.8. What I didn't get was whether you thought that might be related to the problem I'm having getting tunneling to work. -----Original Message----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: Thursday, December 17, 2009 2:07 PM To: FreeRadius users mailing list Subject: Re: Trying to get tunneling to work Mike Bernhardt wrote:
Is that related to my problem, or did you just notice am unrelated bug?
Umm... did I respond to your email, or did I mention that an unrelated bug was fixed? Alan DeKok.
Mike Bernhardt wrote:
No, I meant that you'd asked me about the version because you noticed unexpected debug output due to a bug you say is fixed in 2.1.8. What I didn't get was whether you thought that might be related to the problem I'm having getting tunneling to work.
Ah. It's not. For proxying "inner" tunnel requests, see the "inner-tunnel" virtual server. You can un-comment the "listen" section there, and test inner-tunnel proxying independent of PEAP. Once that works, add PEAP to the mix. Alan DeKok.
participants (3)
-
Alan DeKok -
Mike Bernhardt -
tnt@kalik.net