2 Certs for 2 SSID (802.1x)

C.F. Yeung yeungcf at gmail.com
Thu May 17 11:34:24 CEST 2012


Thanks Phil, it's ok now.

On Thu, May 17, 2012 at 3:14 PM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:

> On 05/17/2012 05:07 AM, C.F. Yeung wrote:
>
>> I have added a new eap_new with the other cert in eap.conf and tried the
>> unlang policy. But, it still goes to my existing eap/cert. MAC address
>> and IP are masked by x.
>>
>> +- entering group authorize {...}
>> ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam")
>> ? Evaluating (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
>> ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
>> ++- entering if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") {...}
>> [eap_new] EAP packet type response id 5 length 253
>> [eap_new] Continuing tunnel setup.
>> +++[eap_new] returns ok
>> ++- if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") returns ok
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] No '@' in User-Name = "testuser", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] EAP packet type response id 5 length 253
>> [eap] Continuing tunnel setup.
>>
>
> You didn't do what I said. You're still running the "eap" module. You need:
>
> authorize {
>  ...
>  if ( ... ) {
>    eap_new
>  }
>  else {
>    eap
>  }
>  ...
>
> }
>
>  ++[eap] returns ok
>> Found Auth-Type = eap_new
>> Found Auth-Type = EAP
>>
> > Warning:  Found 2 auth-types on request for user 'testuser'
>
> READ the debug output please!
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120517/af1af5ef/attachment.html>


More information about the Freeradius-Users mailing list