Problems with "virtual_server" for EAP-pwd

Christian Strauf strauf at
Mon Mar 27 17:10:41 CEST 2017

> run it in full debug mode (radiusd -X) and look at the packet flow for the client.  you will see the key differences
> bewteen an inner-tunnel method (eg PEAP) and EAP-PWD - I think you'd face the same issue with EAP-TLS - as you already
> says, and the debug output will show the flow - inner-tunnel is not called because its not used for that method - look
> at the eap module config that does all this - for TTLS and PEAP you tell the server about inner-tunnel, so it uses
> it.....
Well, that's exactly my point. You do have to configure an inner tunnel for EAP-pwd and the authorize section of the inner tunnel is actually called and you can do stuff within the authorize section of the inner tunnel, however, when you do something that updates the request with a reject, that reject is not used by the outer session. Or maybe I'm misunderstanding what you mean.


More information about the Freeradius-Users mailing list