peap/eap change in 3.0.x with inner_eap_module now required
Matthew Newton
mcn4 at leicester.ac.uk
Tue Jan 19 21:46:45 CET 2016
On Tue, Jan 19, 2016 at 02:42:44PM -0500, Alan DeKok wrote:
> On Jan 19, 2016, at 12:54 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> > Adding in the new "inner_eap_module" option to the outer PEAP
> > section fixes it (inner_eap_module = "outer-eep")
>
> Is that a typo? Are you sure it isn't "inner_eap_module = "inner-eap"
Er, dunno - I was just trying things to get the server to start,
not knowing exactly what inner_eap_module actually does. I didn't
check that it would actually authenticate anything ;-)
I have
eap outer-eap {
default_eap_type = peap
...
tls-config tls-common-outer {
...
}
# permit plain eap-tls
tls {
tls = tls-common-outer
virtual_server = check-eap-tls
}
# for peap/eap-tls
peap {
tls = tls-common-outer
default_eap_type = tls
copy_request_to_tunnel = yes
use_tunneled_reply = no
virtual_server = "inner-tunnel"
soh = yes
soh_virtual_server = "soh-server"
# added 'inner_eap_module = "outer-eap"' here
}
}
eap inner-eap {
default_eap_type = tls
...
tls-config tls-common-inner {
...
}
# for inner eap-tls
tls {
tls = tls-common-inner
virtual_server = check-eap-tls
}
}
Is 'inner_eap_module' overriding 'virtual_server = "inner-tunnel"', or just
setting which module to call in the outer authenticate section? I assumed the
latter.
m.
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Devel
mailing list