Freeradius reply attribute problem when using PEAP
Alan DeKok
aland at deployingradius.com
Tue Aug 12 18:36:02 CEST 2014
Dale Blount wrote:
> I've gone through the logs but cannot find the issue that is causing the
> attributes not to pass. The Ruckus-Role attribute is found throughout
> the whole log up until line ~1432 of ttls6.log and ~1761 of peap6.log.
>
> Also of note is line 1508-1509 of ttls6.log:
> (9) eap_ttls : Using saved attributes from the original Access-Accept
> Ruckus-Role = 'TestSite-Premium'
i.e. there are NO other attributes sent by the inner-tunnel in the
Access-Accept. So of *course* nothing more gets sent back to the NAS.
> And 1849-1850 of peap6.log:
> (12) eap_peap : Using saved attributes from the original Access-Accept
> User-Name = 'rickjames'
The same applies here.
> Does PEAP require a different inner-tunnel than TTLS does? At the
> moment they are both using the same default inner-tunnel.
They're using the same inner tunnel.
There's no magic here. Everything is in the debug log. If the
replies are different, it's because the server does *different* things
in the inner-tunnel. And if you read it, it does.
Stop trying to debug the entire EAP thing. It's a waste of your time.
Debug the inner-tunnel, as I said. See the comments at the top of the
inner-tunnel file (in recent versions)
Alan DeKok.
More information about the Freeradius-Users
mailing list