Inner tunnel post auth question
Alan DeKok
aland at deployingradius.com
Sat May 11 15:26:23 CEST 2013
Franks Andy (RLZ) IT Systems Engineer wrote:
> My FR version is 2.1.10+dfsg-3build2_amd64. Unless there’s a nice
> package for Ubuntu 12.04 server then I’ll be compiling from source then
> I think.
Yes. Upgrading would be good.
> so yes, the “use_tunneled reply” bit is there. Is that what’s causing
> the copying of attributes from within the tunnel to fail, or is that
> setting what it’s supposed to be?
The "use_tunneled_reply" configuration only works for Access-Accept.
> I’m still getting my head around the
> eap thing – like for example why I need authorization and authentication
> settings in the inner-tunnel virtual server for eap again – my intuition
> would tell me that the inner eap just needs mschap in there if that’s
> the protocol inside the tunnel, but then perhaps it’s something to do
> with the “protection” bit of peap that means it’s a “tunnel within a
> tunnel” or something. Like I said still getting my head around it all.
You need "eap" in the inner-tunnel because PEAP sends EAP in the
inner-tunnel.
> I’d still like to get the attributes copying from the inner to outer
> tunnels regardless of the fix in 2.2. It’s gnawing at me a bit.
Well... if you want a feature from a later version of the server,
upgrade. You can't magically create a feature without code changes.
Alan DeKok.
More information about the Freeradius-Users
mailing list