Sending an attribute with the Access-Accept instead of Access-Challenge

Phil Mayers p.mayers at
Wed Jan 12 21:33:40 CET 2011

On 01/12/2011 06:50 PM, Vivek Umasuthan wrote:
> Thanks for the reply.
>> use_tunneled_reply = yes
>> the "peap {}" section of "eap.conf"
> I did this after you mentioned it. Just some more clarification...
>> You need to add the attribute in the "inner-tunnel" virtual server,
> Do you mean I edit the 'inner-tunnel' file in
> /etc/freeradius/sites-available and add the attribute there? In there
> should it be added under "update outer.reply {}" section under
> "post-auth{}"?

No. That's what "use_tunneled_reply" does. You just need to return the 
attributes to the inner request.
> When I tried that, the server complains as shown below upon start....
> /etc/freeradius/sites-enabled/inner-tunnel[340]: ERROR: Unknown vendor
> name in attribute name "Session-Timout"

Read what it says carefully... You've typo-ed "Timeout" as "Timout"

> /etc/freeradius/sites-enabled/inner-tunnel[262]: Errors parsing
> post-auth section.

More information about the Freeradius-Users mailing list