FreeRADIUS 3.0.12 + openLDAP + Apple access point?
Matthew Newton
mcn at freeradius.org
Thu Dec 7 12:54:26 CET 2017
On Thu, 2017-12-07 at 11:47 +0000, Tobias Balle-Petersen wrote:
> > The debug output shows you what attributes are available in the
> > inner tunnel...
>
> I'm looking here, but I can't see it.
>
> Thu Dec 7 12:37:39 2017 : Debug: (10) Virtual server inner-tunnel
> received
> request
> Thu Dec 7 12:37:39 2017 : Debug: (10) EAP-Message = 0x023000061a03
> Thu Dec 7 12:37:39 2017 : Debug: (10) FreeRADIUS-Proxied-To =
> 127.0.0.1
> Thu Dec 7 12:37:39 2017 : Debug: (10) User-Name = "bj"
> Thu Dec 7 12:37:39 2017 : Debug: (10) State =
> 0x9aa53a9f9b95204846eab62797564f73
Exactly - it's not there, so anything depending on it won't behave as
expected.
> You need to copy the attribute from the outer to the inner so that
> you
> > can use it. Either use the old (deprecated) method of setting
> > 'copy_request_to_tunnel' in the eap configuration, or the current
> > way
> > of just copying the attribute you need
>
>
> copy_request_to_tunnel = yes in the eap file, did not solve the
> problem. I had gotten that far by myself.
It's not set. If it was then there would be a lot more attributes in
the inner tunnel than there are.
Maybe you set the ttls setting, but not the peap one?
> That worked. Thank you for taking the time to help me out!
OK, that's good. That's the better way to do it now anyway.
> I wonder why "copy_request_to_tunnel = yes" did not work? Is
> Huntgroup-Name
> actually a part of the request, as It's not sent by the client?
It's added by 'preprocess'.
--
Matthew
More information about the Freeradius-Users
mailing list