Authentication and Rest

Matthew Newton mcn at
Wed Mar 28 02:00:32 CEST 2018

On Tue, 2018-03-27 at 22:21 +0000, Gelinas, Robert wrote:
> I have a problem with authenticating after a RESTful auth.  The
> response from the rest call seems to be integrating (free radius is
> expanding the response), but the Cleartext-Password doesn't seem to
> be carrying forward to the authentication portion.

You're calling rest in the outer "default" server.

> There are a lot more 'authorize/authenticate' call sets than I
> expected,

PEAP is like that...

> but in the end, I expected things to resolve; however, they fail with
> 'no Cleartext-Password' error message in the MD5 portion.

You haven't got the Cleartest-Password attribute in the inner-tunnel;
it's in the outer.

Move "rest" from the default server to the inner-tunnel virtual server.

You'll also save a lot of load on your REST server by only querying it
once, rather than every EAP round-trip.


More information about the Freeradius-Users mailing list