freeradius 2.1.10 WARNING: Internal sanity check failed

James J J Hooper jjj.hooper at
Thu Jan 13 19:43:03 CET 2011

On 13/01/2011 18:26, joanroldan wrote:
> I'm sorry! Try to rewrite the e-mail to a human mode ; ) Hi, I am
> configuring a freeradius for a institution for eduroam purposes, using
> Fedora 13 and with freeradius 2.1.10. The only EAP type supported is
> EAP-TTLS/PAP. I attach the radius -X output:
> So I have mainly tho doubts:
> First, one why this warning happens and how to solve it.
> Second one, is it normal that EAP-TTLS does not begin?
> Thanks in advance,
> Joan.

Hi Joan,

1) This happens because you have made big changes to the default config.

2) You have configured FreeRADIUS to proxy the request to somewhere else.

For eduroam, you usually need to configure it so that:

* If the realm is one of your organisation's, the request is not proxied, 
but handled by FR

* If the realm is blank or rubbish, the request can be immediately rejected.

* If the realm is valid, and not your own organisations, you should proxy 
the request to your national RADIUS servers.

I'd suggest going back to the default config. Read each file and get your 
TTLS/PAP working first, then add the proxying for other realms last.

See also:


James J J Hooper
Network Specialist
Information Services
University of Bristol

More information about the Freeradius-Users mailing list