radlogin works, mobile device not

Fajar A. Nugraha list at fajar.net
Tue Sep 11 09:27:11 CEST 2012

On Tue, Sep 11, 2012 at 2:13 PM, Mihajlo Joksimovic
<mihajlo.joksimovic at adfinis-sygroup.ch> wrote:
> Well, I cannot update the installation because it's a Univention
> installation.

Then ask them for help.

> I activated the sections in inner-tunnel like that.


Had you provided a full debug log, we'd be able to see whether or not FR
REALLY picks up the inner tunnel. But you didn't provide that.

> And radlogin will
> connect properly to LDAP. When someone wants to connect via an access
> point, it is not possible...
>  authorize {
> ...
>     #
>         #  The ldap module will set Auth-Type to LDAP if it has not
>         #  already been set
>         ldap
> ...
> }

Your debug log contradicts your statement. Either you did not have it
in inner tunnel, or your default virtual server is broken so that it
DOESN'T use inner tunnel.

> authenticate {
> ...
>         # Uncomment it if you want to use ldap for authentication
>         #
>         # Note that this means "check plain-text password against
>         # the ldap database", which means that EAP won't work,
>         # as it does not supply a plain-text password.
>         Auth-Type LDAP {
>                 ldap
>         }

If you store passwords as plain text, you won't need that.

If you REALLY want to solve your problem, then listen to the
suggestions. If you can't upgrade your current server, then at least
set up a NEW server for testing purposes. Do what Phil suggests: Start
with a default config. Make small changes. Check each successful
config into version control.

That way you can know where the problem is. If it's a bug in the
Univention package version or config file, then ask them. The default
FR setup should work with minimal changes.
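
Added example (not part of the original message, and not FreeRADIUS or Univention code): a small Python check for the point raised above, namely whether `ldap` is really called, uncommented, in the `authorize` section of the inner-tunnel virtual server. The sample config is constructed and only modelled on the quoted snippets; the function names are hypothetical, and the parser assumes one statement per line with no `#` inside quoted strings.

```python
import sys

# Constructed sample: "ldap" is still commented out in authorize.
SAMPLE = """\
server inner-tunnel {
authorize {
        chap
        mschap
        #  The ldap module will set Auth-Type to LDAP if it has not
        #  already been set
        #ldap
        eap {
                ok = return
        }
        pap
}
authenticate {
        Auth-Type LDAP {
                ldap
        }
        eap
}
}
"""

def section_entries(text, section):
    """Return the direct children (module calls or sub-blocks) of `section`."""
    entries, stack = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line == "}":                          # close the innermost block
            if stack:
                stack.pop()
            continue
        in_section = bool(stack) and stack[-1] == section
        if line.endswith("{"):                   # block opener, e.g. "eap {"
            name = line[:-1].strip()
            if in_section:
                entries.append(name)
            stack.append(name)
        elif in_section:                         # bare module name
            entries.append(line)
    return entries

def ldap_in_authorize(text):
    """True when the ldap module is called directly in authorize."""
    return "ldap" in section_entries(text, "authorize")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("authorize calls:", section_entries(text, "authorize"))
    print("ldap in authorize:", ldap_in_authorize(text))
```

Run it against the inner-tunnel file of the server under test after each small change, before checking that config into version control.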


