802.1X - ldap AND users file
Cedric Delaunay
cedric.delaunay at insa-rennes.fr
Thu Apr 2 19:41:09 UTC 2026
Hello,
Thanks for your answers, I will look at this as soon as possible
Cédric
--
Cédric Delaunay
Equipe Infrastructures / Direction du Système d'Information
RSSI Suppléant
Tél. : +33 (0)2 23 23 8568
INSA Rennes
20 avenue des Buttes de Coësmes
CS 70839 - 35 708 RENNES Cedex 7
From: "Cedric Delaunay" <cedric.delaunay at insa-rennes.fr>
To: freeradius-users at lists.freeradius.org
Sent: Wednesday, 1 April 2026 17:22:58
Subject: 802.1X - ldap AND users file
Hello List,
Network Wired Project running here.
Devices users authenticate successfully using peap/mschapV2 and ldap backend
outer identity is configured as anonymous
I'd like to find how to force "accept" for a special user, based on "mods-config/files/authorize" file
- user is logged-in on device so that his real username is known only by inner-tunnel
- user isn't known by ldap (that's why I try with "users" file)
- user's password may change so that I don't want to check it
"users" entry looks like:

myuser  Auth-Type := Accept
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        #Tunnel-Private-Group-ID = "407",
        Tmp-String-1 = "407"

Tmp-String-1 is used by default/post-auth section as follows:

update reply {
        Tunnel-Private-Group-Id := "%{reply:Tmp-String-1}"
}
files module is enabled in inner tunnel/authorize
My problem :
I cant see "accept" during inner-tunnel (after authorize file module)
(9) files: users: Matched entry myuser at line 99
(9) [files] = ok
(9) } # authorize = ok
(9) Found Auth-Type = Accept
(9) Auth-Type = Accept, accepting the user
(9) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
but next challenge says
(10) eap_peap: ERROR: We sent a success, but the client did not agree
(10) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
I don't know what is the best way to achieve this.
Any idea?
Thanks
-- :
Cédric Delaunay
Service Infrastructure Systèmes et Réseaux / Direction du Système d'Information
Admin Réseau / RSSI Suppléant
Tel. : +33 (0)2 23 23 8568
INSA Rennes
20 avenue des Buttes de Coêsmes
CS 70839 - 35 708 RENNES Cedex 7
[ http://www.insa-rennes.fr/ | www.insa-rennes.fr ]
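
An added example, not part of the original message and not FreeRADIUS code: a small Python audit that parses a file in the "users" format quoted above and lists every entry that forces Auth-Type to Accept, since such a name is admitted with no password check. The sample file content and the function names are constructed for illustration; reading the VLAN from Tmp-String-1 follows the post-auth snippet in the message.

```python
import re

# Constructed sample in the "users" file format (mods-config/files/authorize).
# The first entry mirrors the one quoted in the message; the others are made up.
SAMPLE = '''\
# constructed sample
myuser  Auth-Type := Accept
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        #Tunnel-Private-Group-ID = "407",
        Tmp-String-1 = "407"

printer01  Cleartext-Password := "constructed-secret"
        Tunnel-Private-Group-Id = "12"

DEFAULT Auth-Type := Reject
'''

# attribute, operator, value (quoted string or bare word up to a comma)
ITEM = re.compile(r'([\w-]+)\s*(:=|\+=|==|=~|!=|=)\s*("[^"]*"|[^,\s]+)')

def parse_items(s):
    """Map lower-cased attribute name -> (operator, value)."""
    return {a.lower(): (op, v.strip('"')) for a, op, v in ITEM.findall(s)}

def parse_users(text):
    """Return a list of (name, line_no, check_items, reply_items)."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith('#'):
            continue                      # blank line or comment
        if not raw[0].isspace():          # unindented: name + check items
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ''
            entries.append((parts[0], no, parse_items(rest), {}))
        elif entries:                     # indented: reply items of last entry
            entries[-1][3].update(parse_items(line))
    return entries

def forced_accepts(text):
    """Entries accepted without a credential check, with the VLAN they grant."""
    found = []
    for name, no, check, reply in parse_users(text):
        if check.get('auth-type', ('', ''))[1].lower() == 'accept':
            vlan = (reply.get('tunnel-private-group-id')
                    or reply.get('tmp-string-1') or ('', None))[1]
            found.append((name, no, vlan))
    return found

if __name__ == '__main__':
    for name, no, vlan in forced_accepts(SAMPLE):
        print(f'line {no}: {name!r} accepted without password check, VLAN {vlan}')
```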