A bit of help using the rlm_rest module with django-freeradius

Marty E. Plummer hanetzer at startmail.com
Mon Nov 19 03:29:42 CET 2018


On Sun, Nov 18, 2018 at 08:05:15PM -0500, Alan DeKok wrote:
> On Nov 18, 2018, at 7:06 PM, Marty E. Plummer <hanetzer at startmail.com> wrote:
> > 
> > On Sun, Nov 18, 2018 at 09:43:05AM +0000, Adam Bishop wrote:
> >> 
> >> Just send the freeradius debug log please.
> >> 
> > I figured a replicatable setup in the form of docker would be enough.
> 
>   While documenting your system is useful, we're not going to build a clone of your docker image just to see what's going on with it.
> 
>   We ask for the debug output because we need it.  All of the documentation says this, over and over and over again.
> 
Fair. Though the docker images are pretty small relatively speaking.
> > However, some time after sending the initial email I managed to get it
> > figured out. Basically I had to move the rest stuff into inner-tunnel so
> > the eap stuff is decrypted/whatever so I could obtain User-Name and
> > User-Password for the rest authentication. Everything works now, so I
> > suppose the ml served as a bit of a rubber-duckie for me to work out my
> > own issues.
> 
>   If you run the server in debugging mode, you will see that the outer session doesn't have a User-Password attribute.  But the inner one does.  So... the conclusion is to move the REST call to the inner tunnel.
> 
Could have sworn I mentioned that. Maybe I said it in the irc channel,
but yes, the problem was that User-Password was not available outside
the inner-tunnel. Turns out the django-freeradius project is meant for
use with captive-portals and not wpa2-eap (though by moving the REST
calls to the inner-tunnel apparently makes it usable outside of the
intended use).
(btw, is irc.freenode.net/#freeradius official?)
>   And that's why we say to run the server in debug mode.  Because once you do that, many common problems become simple to debug.
> 
Yeah, up until I determined to move the REST call into the inner tunnel
the freeradius server was only in debug mode.
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list