Windows10 PEAP: "Could not find Pool-Name attribute"

Volodymyr Litovka doka.ua at gmx.com
Mon Sep 16 15:07:40 CEST 2019


Dear colleagues,

I’m facing a problem connecting a Windows 10 client to Strongswan (IKEv2) with Freeradius as the AAA backend.

Configuration of Freeradius is almost untouched and it works like a charm for OSX->Strongswan clients:

- added ippool to mods-enabled (main_pool)
- enabled main_pool in ‘default’ site in ‘post-auth’ and ‘accounting’ sections

Unlike OSX, Windows10 falls into a PEAP conversation, so I modified sites-enabled/inner-tunnel: I added main_pool to the ‘post-auth’ section as well.

Output from ‘freeradius -X’ is available at the following link: https://pastebin.com/FKFep8Za where you can see that until and during step (8) Freeradius successfully authenticates the user, assigns Framed-IP-Address from the pool and returns it (line 926) for further processing, but during step (9) it tries to do the same (line 1034) and fails. Does it either not see the Framed-IP-Address attribute, or is it losing information about main_pool during passes over inner-tunnel?

User definition is quite simple:

aeris   Cleartext-Password := "q1w2e3", Pool-Name := main_pool
        Service-Type = Framed-User

Removing main_pool from sites-enabled/inner-tunnel (in order to leave this to sites/default) changed nothing - the same message “Could not find Pool-Name attribute” appears in the log. I tried to play with some configuration parameters in mods-enabled/eap (copy_request_to_tunnel, use_tunneled_reply) and sites-enabled/inner-tunnel (if(0)/if(1)), but since I don’t clearly understand what they’re responsible for, I had no success.

Can anybody point me to the cause of the problem?

Thank you.


-- 
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison



