PEAP Inner-tunnel can't match a user in the "users" file with some check attributes

Difan Zhao difan.zhao at
Sat Nov 19 01:36:37 CET 2011

Hi gents,

I have an issue that whenever I have check attributes such as NAS-IP-Address or NAS-Port-Type, my PEAP fails... The same config works for MD5... I'm running FreeRADIUS Version 2.1.7.

--- users ---
"phone" User-Name =~ "phone", Cleartext-Password := "mykey", NAS-IP-Address == ""
        Tunnel-Private-Group-Id := "654", Tunnel-Type := "VLAN", Tunnel-Medium-Type := "IEEE-802", Tunnel-Preference := "0"

All other configs are mostly default.

Everything works once I removed NAS-IP-Address == "". However I do need to check against from which switch/NAS the request is coming from... It seems that those attributes are outside of the "tunnel". How can I copy them in the "tunnel" (does this make sense to you guys)?? My debug output is attached.

Thank you and have a good weekend!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius -X.txt
URL: <>

More information about the Freeradius-Users mailing list