Freeradius reply attribute problem when using PEAP

Alan DeKok aland at deployingradius.com
Tue Aug 12 18:36:02 CEST 2014


Dale Blount wrote:
> I've gone through the logs but cannot find the issue that is causing the
> attributes not to pass.  The Ruckus-Role attribute is found throughout
> the whole log up until line ~1432 of ttls6.log and ~1761 of peap6.log.
> 
> Also of note is line 1508-1509 of ttls6.log:
> (9) eap_ttls : Using saved attributes from the original Access-Accept
> 	Ruckus-Role = 'TestSite-Premium'

  i.e. there are NO other attributes sent by the inner-tunnel in the
Access-Accept.  So of *course* nothing more gets sent back to the NAS.

> And 1849-1850 of peap6.log:
> (12) eap_peap : Using saved attributes from the original Access-Accept
> 	User-Name = 'rickjames'

  The same applies here.

> Does PEAP require a different inner-tunnel than TTLS does?  At the
> moment they are both using the same default inner-tunnel.

  They're using the same inner tunnel.

  There's no magic here.  Everything is in the debug log.  If the
replies are different, it's because the server does *different* things
in the inner-tunnel.  And if you read it, it does.

  Stop trying to debug the entire EAP thing.  It's a waste of your time.
 Debug the inner-tunnel, as I said.  See the comments at the top of the
inner-tunnel file (in recent versions)

  Alan DeKok.


More information about the Freeradius-Users mailing list