post-auth not being entered in inner-tunnel

Olivier Beytrison olivier at
Wed Mar 13 14:05:03 CET 2013

On 13.03.2013 12:46, Alex Sharaz wrote:
> Hi,
> I've got a number of FR 2.2.0 servers that invoke sql_log in the inner-tunnel post-auth in order to write user-name  some other attributes into a back end mysql database server  and it all works. If I've got non-eap requests coming in , the "default" site deals with it. If I've got eap-based requests coming in the inner-tunnel deals with them. About a week ago I downloaded the latest 2.2 code from git.freeradius, built that and upgraded one of my FR2.2 servers. Since then  I can't see an invocation of post-auth within the inner-tunnel. I can see it for the "default" site but not the inner-tunnel. Everything else seems to work but not that. Same hardware platform, same config files just different  FR code.
> I've generated two radius -X dumps, vsn220.log and vsn221.log on my test server. The only raw client accessing this server is the switch my mac is sitting on  configured to do macauth and 802.1x on my ethernet port. By simply disconnecting and reconnecting my mac I've generated a macauth followed by an 802.1x auth. In both files you can see post-auth being invoked for the default site. but only the vsn220.log file has a corresponding post-auth for the inner-tunnel.
> It may be  that there's something else I've configured wrong that is only showing up in van 2.2.1 (ish). Should I be sending these traces to the free radius list or is there another address I can email them to

Sounds weird. But again hard to tell without a radius -X output. Just
send it here on the list, a complete request output, and maybe the
relevant virtual-server configuration snippet


 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: olivier at

More information about the Freeradius-Users mailing list