Inner Tunnel User-Name - PEAP/MSCHAPV2

Chris Arg grkcharge at gmail.com
Fri Dec 12 16:08:48 CET 2014


Thanks for the prompt reply Alan.

> Read raddb/sites-available/inner-tunnel.  Look at the “post-auth” section:

>        #  Instead of "use_tunneled_reply", do this:
>        #
>        #       update {
>        #               &outer.session-state: += &reply:
>        #       }

>  Uncomment that block.

That is enabled in my configuration, but the post-auth section within the
inner-tunnel is never run. Here's a grep of my debug showing that only
sites-enabled/default's post-auth is getting executed:

    grep -i post-auth /tmp/fr_dump.txt

    post-auth {
    # Loading post-auth {...}
    # Loading post-auth {...}
    (10) # Executing section post-auth from file /etc/raddb/sites-enabled/default
    (10)   post-auth {
    (10)   } # post-auth = noop

On Fri, Dec 12, 2014 at 9:38 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Dec 12, 2014, at 8:48 AM, Chris Arg <grkcharge at gmail.com> wrote:
> > I'm currently using 3.0.x via github on RHEL 7. My issue is that I'm
> unable to get the User-Name attribute out of the inner tunnel.
>
>   Read raddb/sites-available/inner-tunnel.  Look at the “post-auth”
> section:
>
>         #
>         #  Instead of "use_tunneled_reply", do this:
>         #
> #       update {
> #               &outer.session-state: += &reply:
> #       }
>
>   Uncomment that block.
>
> > I've seen a couple of examples demonstrating how to update the reply or
> update outer.reply in the inner-tunnel post-auth section. After reading the
> debug output, that section doesn't seem to run. Instead, post-proxy is run
> which looks like a good alternative. This is what I've tried in the
> post-proxy section:
> >
> >         update {
> >                 &reply:User-Name += &User-Name
> >         }
>
>   That won’t work.  That’s updating the inner-tunnel reply, which is not
> what you want.
>
> > ---------------
> > raddb/mods-enabled/eap
>
>   Don’t send configuration files to the list.  The documentation says to
> post the debug output.  ONLY the debug output.
>
>   And you’ve butchered the configuration files.  Don’t do that.  There’s
> no additional cost to leave the comments, etc.  Leaving the comments there
> helps explain what the files are doing, and why.
>
>   Alan DeKok.