inner/outer Tunnel attributes of TTLS/MS-CHAPv2

Vincent Magnin Vincent.Magnin at unil.ch
Mon Feb 4 10:18:25 CET 2008 

Hello All,

I've an issue with passing attributes from EAP TTLS MS-CHAPv2 to outer:

My /etc/raddb/users contains:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
         User-Name := `%{User-Name}`,
         Fall-Through = yes

And my eap ttls module contains:
> copy_request_to_tunnel = yes
> use_tunneled_reply = yes


The user-name and Tunnel-* are not rewiten/copied to the outer.

This isssue is only with MS-CHAP, not PAP.

Running version: freeradius-1.0.1-3.RHEL4.5

radius -X :
rlm_mschap: adding MS-CHAPv2 MPPE keys
   modcall[authenticate]: module "mschap" returns ok for request 39
modcall: group Auth-Type returns ok for request 39
   Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 39
radius_xlat:  '/var/log/radius/radacct/127.0.0.1/reply-detail-20080204'
rlm_detail:  
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d  
expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20080204
   modcall[post-auth]: module "reply_log" returns ok for request 39
modcall: group post-auth returns ok for request 39
   TTLS: Got tunneled reply RADIUS code 2
         User-Name := "vmagnin at unil.ch"
         Tunnel-Type:0 = VLAN
         Tunnel-Private-Group-Id:0 = "16"
         Tunnel-Medium-Type:0 = IEEE-802
         MS-CHAP2-Success =  
0x5b533d31464345343644464444343239353838433043363243464630463638363938363532333336314637
         MS-MPPE-Recv-Key = 0xcf199064e5ce16501ad868646e8e7b3c
         MS-MPPE-Send-Key = 0x053e079625529879fe9f4f1cb9b7ad47
         MS-MPPE-Encryption-Policy = 0x00000002
         MS-MPPE-Encryption-Types = 0x00000004
   TTLS: Got tunneled Access-Accept
   rlm_eap: Freeing handler
   modcall[authenticate]: module "eap" returns ok for request 39
modcall: group Auth-Type returns ok for request 39
   Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 39
radius_xlat:  '/var/log/radius/radacct/130.223.222.60/reply-detail-20080204'
rlm_detail:  
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d  
expands to /var/log/radius/radacct/130.223.222.60/reply-detail-20080204
   modcall[post-auth]: module "reply_log" returns ok for request 39
modcall: group post-auth returns ok for request 39
Sending Access-Accept of id 60 to 130.223.222.60:1645
         MS-MPPE-Recv-Key =  
0xc9abc77f52aa954231989e3bc26c35b2b6f6578dec2fe6b1bf06e9fb1b75740f
         MS-MPPE-Send-Key =  
0xe940dd6f47a1a7102d876dacf2f36385a5e717f96372d87256b5e6c1c3ba962b
         EAP-Message = 0x03060004
         Message-Authenticator = 0x00000000000000000000000000000000
         User-Name = "anonymous"
Finished request 39

More information about the Freeradius-Users mailing list