PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is neverentered for access reject

Alan DeKok aland at
Fri Jul 9 09:11:31 CEST 2010

Fads Afds wrote:
>     I tried to get the error-message of inner-tunnel by running sql query in "Post-Auth-Type Reject {} of default. The message field in radpostauth table is empty. The query seems cannot access %{inner.control:My-Err-Message} attribute. 
>     My question is: Can sql in default (outer session) access innner-server control attribute when the login is rejected? If the answer is no, would you hint me how I can get & log the error message of inner-session? 

  No, unfortunately not.  *But* the "inner tunnel" server can copy them
from the inner to outer tunnel.

  Alan DeKok.

More information about the Freeradius-Users mailing list