password not present in ttls inner-tunnel
Evan Sharp
evan.sharp at coastmountainacademy.ca
Wed May 7 16:29:33 UTC 2025
Hi list,
I'm having difficulty understanding why &User-Password is not being found
by my inner-tunnel virtual server. Desired outcome is EAP-TTLS/PAP for
Google's LDAP.
New install of FreeRADIUS 3.2.7.
In my debug output, I see that the conditional check that would specify
ldap as the Auth-Type is not passing.
[eap setup success]
[ttls setup success]
...
(5) if (&User-Password && !control:Auth-Type) {
(5) if (&User-Password && !control:Auth-Type) -> FALSE
(5) } # authorize = updated
(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(5) Failed to authenticate the user
[post-auth-reject]
I believe this check is the one in my customized module config "ldap-google":
    if (&User-Password && !control:Auth-Type) {
        update {
            &control:Auth-Type := ldap
        }
    }
Ok, so &User-Password isn't found. Why not?
The eap config looks like:
    eap {
        default_eap_type = ttls
        ...
        ttls {
            copy_request_to_tunnel = yes
            virtual_server = "google-ldap"
Does copy_request_to_tunnel not put the password into the tunnel as
&User-Password?
Thanks,
Evan
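
An added example, not part of the post above and not FreeRADIUS code: a small Python triage script for `radiusd -X` debug output. For each "No Auth-Type found" rejection it reports the virtual server the request was in, the conditions that evaluated FALSE there, and which credential attributes were listed for that server. The sample log is constructed; the "Virtual server ... received request" and "} # server ..." marker lines are assumed from FreeRADIUS 3.x debug output, and `triage` and the other names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the lines quoted in the post. The "Virtual server
# ... received request" and "} # server ..." markers are assumed, not from the post.
SAMPLE = """\
(5) Virtual server google-ldap received request
(5)   User-Name = "evan"
(5)   MS-CHAP-Challenge = 0x00
(5) server google-ldap {
(5)     if (&User-Password && !control:Auth-Type) {
(5)     if (&User-Password && !control:Auth-Type)  -> FALSE
(5)   } # authorize = updated
(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(5) } # server google-ldap
"""

LINE = re.compile(r"^\((\d+)\)\s+(.*)$")            # "(5) rest of line"
ENTER = re.compile(r"^Virtual server (\S+) received request$")
LEAVE = re.compile(r"^\} # server \S+$")
ATTR = re.compile(r"^&?([A-Za-z0-9-]+) = ")         # attribute dump line
COND_FALSE = re.compile(r"^(if \(.*\))\s+-> FALSE$")
CREDS = {"User-Password", "CHAP-Password", "MS-CHAP-Challenge",
         "MS-CHAP2-Response", "EAP-Message"}

def triage(text):
    """Return one finding per 'No Auth-Type found' rejection."""
    stack = defaultdict(list)    # request id -> nested virtual servers
    seen = defaultdict(set)      # (id, server) -> credential attributes listed
    failed = defaultdict(list)   # (id, server) -> conditions that were FALSE
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue             # continuation of a wrapped line, banners, etc.
        rid, body = int(m.group(1)), m.group(2).strip()
        key = (rid, stack[rid][-1] if stack[rid] else "(outer)")
        if e := ENTER.match(body):
            stack[rid].append(e.group(1))
        elif LEAVE.match(body) and stack[rid]:
            stack[rid].pop()
        elif (a := ATTR.match(body)) and a.group(1) in CREDS:
            seen[key].add(a.group(1))
        elif f := COND_FALSE.match(body):
            failed[key].append(f.group(1))
        elif body.startswith("ERROR: No Auth-Type found"):
            findings.append({"request": rid, "server": key[1], "credentials":
                             sorted(seen[key]), "false_conditions": failed[key]})
    return findings

print(triage(SAMPLE))
```

A credentials list without User-Password for the tunnel's virtual server means the condition had no &User-Password to test in that request.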