EAP/TTLS + virtual_server woes

Ivan Kalik tnt at kalik.net
Fri Oct 2 00:20:50 CEST 2009


> Okay, I munched over the source code and I'm guessing I'm being a
> crettin, but I'm hoping you can tell me what I'm doing wrong.
>
> If you use the 'virtual_server' functionality in the ttls{} section of
> eap.conf, everything works great if you get an Access-Accept from the
> inner virtual server ('auth' for me).  When I say "works great", I mean
> the 'post-auth' section of the EAP calling ('auth-eap') virtual server
> is munched through.  However, if 'Access-Reject' is returned then
> 'post-auth' is not parsed and it bombs immediently back out to the to
> outer virtual server's ('dot1x') post-proxy section.

Try testing the reply:Packet-Type there. If it's Access-Reject do those
updates.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list