EAP-TTLS/PAP with realm - <no User-Password attribute>

Rob Gorrell rwgorrel at uncg.edu
Tue Mar 15 00:54:40 CET 2016


So when I try nostrip in my "realm rgorrell.net {" definition inside
proxy.conf, I get what appears to be an infinite loop and a bunch of zombie
messages out of the log file.

My inner-tunnel virtual server has authorize pap and authenticate Auth-Type
PAP.

I'm very much an new at setting up EAP, so most certainly I'm still doing
something wrong, but for the pieces just aren't making clicking for me yet.
any clarification you could provide me on "with suitable auth methods in
the inner-tunnel virtual server"I would appreciate.

Thanks
-Rob


On Mon, Mar 14, 2016 at 6:10 AM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> you are proxying the request (entry in proxy.conf) to local....with default
> options - so its stripping the realm.   the failure then occurs because the
> realm doesnt exist and the server is looking at auth options and finding
> none
> with suitable password
>
> > ++[eap] = updated
> > ++[files] = noop
> > ++[expiration] = noop
> > ++[logintime] = noop
> > [pap] WARNING! No "known good" password found for the user.
> Authentication
> > may fail because of this.
> > ++[pap] = noop
>
>
> what you probably want is 'nostrip' in the proxy definition along with
> suitable
> auth methods in the inner-tunnel virtual server
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA


More information about the Freeradius-Users mailing list