Terminate EAP-TTLS then proxy

Alan DeKok aland at deployingradius.com
Thu Sep 21 22:13:09 CEST 2017


On Sep 21, 2017, at 3:31 PM, adrian.p.smith at bt.com wrote:
> 
> I have returned to this problem and am using a fresh copy of 3.0.15 and the eapol_test client.

  I'd suggest just using radtest on the inner-tunnel virtual server.  If that can proxy, *then* test EAP-TTLS.  Otherwise, the debug output will be huge and hard to read.

> (6) IPASS: Checking for prefix before "/"
> (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian"
> (6) IPASS: Found realm "passpoint"
> (6) IPASS: Adding Realm = "passpoint"
> (6) IPASS: Proxying request from user passpoint/adrian to realm passport

  So... what's the configuration for that realm?

> (6) IPASS: Preparing to proxy authentication request to realm "passpoint" 
> (6)       [IPASS] = updated
> (6) suffix: Request already has destination realm set.  Ignoring
> (6)       [suffix] = noop
> (6) eap: No EAP-Message, not doing EAP
> (6)       [eap] = noop
> (6)       [files] = noop
> (6)       [expiration] = noop
> (6)       [logintime] = noop
> (6)       [pap] = noop
> (6)     } # authorize = updated
> (6) } # server inner-tunnel
> (6) Virtual server sending reply
> (6) eap_ttls: Tunneled authentication will be proxied to passpoint
> (6) eap: WARNING: Tunneled session will be proxied.  Not doing EAP
> (6)     [eap] = handled
> (6)   } # authenticate = handled
> (6) WARNING: Cancelling proxy as no home pool exists

  Probably because you defined the realm, but didn't define a home_pool for it.

  See raddb/proxy.conf for docs and examples.

> The offending line appears to be:
> 
> (6) WARNING: Cancelling proxy as no home pool exists

  It's often useful to read earlier messages to see what happened *before* that error occurred.

  In this case, it tried to proxy to realm "passpoint".  But it can't.  So... what's wrong with that realm?

  Alan DeKok.
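
An offline check for the misconfiguration diagnosed in this thread, added here as an example (it is not from the thread or from the FreeRADIUS project): it scans proxy.conf-style text and reports realms that set no auth_pool/pool, or that name a home_server_pool which is never defined. The sample configuration and every name in it except "passpoint" are constructed, and only the auth_pool and pool keys are considered (legacy realm syntax is out of scope).

```python
# Constructed sample proxy.conf text (not from the thread): "passpoint" has no
# pool at all, "example.org" points at a pool that is never defined.
SAMPLE = """
home_server hs1 {
    type = auth
    ipaddr = 192.0.2.10
    port = 1812
    secret = PLACEHOLDER_SECRET
}
home_server_pool good_pool {
    type = fail-over
    home_server = hs1
}
realm passpoint {
}
realm example.org {
    auth_pool = missing_pool
}
realm example.com {
    auth_pool = good_pool   # proxies normally
}
"""

def audit_realms(text):
    """Return {realm_name: problem} for realms that cannot proxy authentication."""
    pools, realms, stack = set(), {}, []      # stack holds the open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if line.endswith("{"):
            words = [w.strip('"') for w in line[:-1].split()]
            stack.append(words)
            if len(stack) == 1 and len(words) == 2:   # top-level "kind name {"
                if words[0] == "home_server_pool":
                    pools.add(words[1])
                elif words[0] == "realm":
                    realms[words[1]] = None           # no destination seen yet
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and len(stack) == 1 and stack[0][:1] == ["realm"]:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("auth_pool", "pool"):
                realms[stack[0][1]] = (key, value)
    problems = {}                 # pools are checked last, so file order is irrelevant
    for name, dest in realms.items():
        if dest is None:
            problems[name] = "no auth_pool or pool set, so there is no home pool to proxy to"
        elif dest[1] not in pools:
            problems[name] = f"{dest[0]} = {dest[1]} is not a defined home_server_pool"
    return problems
```

Running audit_realms() over the text of raddb/proxy.conf before testing EAP-TTLS lists the realms that would fail in this way.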



