802.1X - ldap AND users file

cedric Delaunay cedric.delaunay at insa-rennes.fr
Wed Apr 1 15:22:58 UTC 2026


Hello List,
Wired network project running here.
Device users authenticate successfully using PEAP/MSCHAPv2 and an LDAP backend.
The outer identity is configured as anonymous.

I'd like to find out how to force "accept" for a special user, based on the
"mods-config/files/authorize" file:
- the user is logged in on the device, so his real username is known only by
inner-tunnel
- the user isn't known by ldap (that's why I try with the "users" file)
- the user's password may change, so I don't want to check it

"users" entry looks like :
myuser Auth-Type := Accept
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        #Tunnel-Private-Group-ID = "407",
        Tmp-String-1 = "407"

Tmp-String-1 is used by the default/post-auth section like this:
        update reply {
                Tunnel-Private-Group-Id := "%{reply:Tmp-String-1}"
        }

files module is enabled in inner tunnel/authorize

My problem :
I can't see "accept" during inner-tunnel (after authorize file module)
(9) files: users: Matched entry myuser at line 99
(9)       [files] = ok
(9)     } # authorize = ok
(9)   Found Auth-Type = Accept
(9)   Auth-Type = Accept, accepting the user
(9)   # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel

but next challenge says

(10) eap_peap: ERROR: We sent a success, but the client did not agree
(10) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed

I don't know what the best way to achieve this is.
Any ideas?
Thanks


--

Cédric Delaunay
Service Infrastructure Systèmes et Réseaux / Direction du Système d'Information
Network Admin / Deputy CISO
Tel. : +33 (0)2 23 23 8568
*INSA Rennes*
20 avenue des Buttes de Coêsmes
CS 70839 - 35 708 RENNES Cedex 7
www.insa-rennes.fr <http://www.insa-rennes.fr/>
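
Added example (not part of the original message, and not FreeRADIUS project code): a small triage script that scans debug output shaped like the lines quoted above and reports each users-file forced accept whose following request fails with the eap_peap "client did not agree" error. The sample log is constructed from the quoted lines; "otheruser" and the function name are hypothetical, and the script assumes a single-session debug capture where the failure appears in the request numbered immediately after the accept.

```python
import re

# Constructed sample: debug output shaped like the lines quoted in the post.
SAMPLE_LOG = """\
(9) files: users: Matched entry myuser at line 99
(9)       [files] = ok
(9)     } # authorize = ok
(9)   Found Auth-Type = Accept
(9)   Auth-Type = Accept, accepting the user
(9)   # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
(10) eap_peap: ERROR: We sent a success, but the client did not agree
(10) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(11) files: users: Matched entry otheruser at line 12
(11)   Found Auth-Type = Accept
(11)   Auth-Type = Accept, accepting the user
"""

LINE = re.compile(r"^\((\d+)\)\s+(.*)$")          # "(N) message" request prefix
MATCHED = re.compile(r"files: users: Matched entry (\S+) at line (\d+)")
FORCED = "Auth-Type = Accept, accepting the user"
REFUSED = "eap_peap: ERROR: We sent a success, but the client did not agree"


def find_refused_forced_accepts(log_text):
    """Return one dict per forced accept that the next request reports as refused."""
    entries = {}     # request id -> (user, line number in the users file)
    forced = set()   # request ids accepted via Auth-Type = Accept
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or unnumbered line
        req, msg = int(m.group(1)), m.group(2)
        hit = MATCHED.search(msg)
        if hit:
            entries[req] = (hit.group(1), int(hit.group(2)))
        elif FORCED in msg:
            forced.add(req)
        elif REFUSED in msg and (req - 1) in forced:
            # Assumption: the failing request directly follows the accept.
            user, line = entries.get(req - 1, (None, None))
            findings.append({"accept_request": req - 1, "failed_request": req,
                             "user": user, "users_line": line})
    return findings


if __name__ == "__main__":
    for finding in find_refused_forced_accepts(SAMPLE_LOG):
        print(finding)
```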

