rlm_passwd fails Stripped-User-Name check when in inner-tunnel mode (PEAP)
Matthew Newton
mcn4 at leicester.ac.uk
Thu Nov 12 09:47:15 CET 2015
On Thu, Nov 12, 2015 at 03:15:10PM +0800, Tim Chen wrote:
> +group authorize {
> ++[preprocess] = ok
> ++[passwdf1] = notfound
^^^
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] Looking up realm "eduroam.example.edu" for User-Name = "
> john at eduroam.example.edu"
> [suffix] Found realm "eduroam.example.edu"
> [suffix] Adding Stripped-User-Name = "john"
^^^
> [suffix] Adding Realm = "eduroam.example.edu"
> [suffix] Proxying request from user john to realm eduroam.example.edu
> [suffix] Preparing to proxy authentication request to realm "
> eduroam.example.edu"
> ++[suffix] = updated
You're calling passwdf1 before Stripped-User-Name is defined by
suffix.
Move passwdf1 after the call to suffix in both inner & outer.
Cheers
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list