[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: What proxy features does the freeradius server support?
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2017-10-20 17:18:50
Message-ID: E0B6648B-DAA4-4497-BE37-052261B335D2 () deployingradius ! com
[Download RAW message or body]

On Oct 20, 2017, at 12:45 PM, work vlpl <thework.vlpl@gmail.com> wrote:
> 
> Thank you for your answers, you help a lot, could you answer a couple more
> questions?

  Sure.

> log from home server
> ...
> (0) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x0998f23b0990e83c
> (0) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request

  It's hard to tell from the truncated debug output.  But I suspect the proxy is \
sending a State when it shouldn't.
> 
> and virtual site for inner tunnel
> 
> ==
> server peap_and_ttls {
> authorize {
> eap {
> ok = return
> }

  If you're doing to proxy the inner-tunnel session, you CANNOT do EAP in the \
inner-tunnel.

  Pick one: (a) run the EAP module in the inner-tunnel, or (b) proxy in the \
inner-tunnel.

> if(&reply:Supplicant-Use-Remote == 'yes') {
> update control {
> Proxy-To-Realm := 'testing-realm'

  You can't do that.  I already said so in a previous message.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]