It looks like the inner tunnel calls rp_default_postauth (rlm_exec) for request 30
then it is called again calling rp_default_postauth (rlm_exec) for request 30 when the Access-Accept is sent back to the AP. Is that expected behavior? Thanks, Ron. TTLS: Got tunneled reply RADIUS code 2 Fri Oct 24 10:36:14 2003 : Debug: TTLS: Got tunneled Access-Accept Fri Oct 24 10:36:14 2003 : Debug: rlm_eap: Freeing handler Fri Oct 24 10:36:14 2003 : Debug: modsingle[authenticate]: returned from eap (rlm_ eap) for request 30 Fri Oct 24 10:36:14 2003 : Debug: modcall[authenticate]: module "eap" returns ok f or request 30 Fri Oct 24 10:36:14 2003 : Debug: modcall: group authenticate returns ok for request 30 Fri Oct 24 10:36:14 2003 : Debug: modcall: entering group post-auth for request 30 Fri Oct 24 10:36:14 2003 : Debug: modsingle[post-auth]: calling rp_default_postaut h (rlm_exec) for request 30 Fri Oct 24 10:36:14 2003 : Debug: radius_xlat: '/opt/freeradius/etc/raddb/authUser. sh [EMAIL PROTECTED] 00022d60203c NONE NONE' > > there still is another problem with TTLS > > It looks like the post-auth module ie exec-program is called twice. > Once with the correct user name, then again with the anonymous user > name. > > > > Ron. > > > > Fri Oct 24 10:36:14 2003 : Debug: rlm_exec (rp_default_postauth): > WARNING! Input pai > rs are empty. No attributes will be passed to the script > Fri Oct 24 10:36:14 2003 : Debug: radius_xlat: > '/opt/freeradius/etc/raddb/authUser. > sh [EMAIL PROTECTED] 00022d60203c NONE NONE' > Fri Oct 24 10:36:14 2003 : Debug: Exec-Program: > /opt/freeradius/etc/raddb/authUser.s > h [EMAIL PROTECTED] 00022d60203c NONE NONE > --10:36:14-- > https://localhost/CSD/[EMAIL PROTECTED]&mac=0002 > 2d60203c&rpgrp= > => > [EMAIL PROTECTED]&mac=00022d60203c&rpgrp=' > Resolving localhost... done. > Connecting to localhost[127.0.0.1]:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 150 [text/html] > > 100%[========================================>] 150 146.48K/s > ETA 00:00 > > 10:36:14 (146.48 KB/s) - > [EMAIL PROTECTED]&mac=00022d60203c&r > pgrp=' saved [150/150] > > Fri Oct 24 10:36:14 2003 : Debug: Exec-Program output: > Fri Oct 24 10:36:14 2003 : Debug: Exec-Program: returned: 0 > Fri Oct 24 10:36:14 2003 : Debug: modsingle[post-auth]: returned from > rp_default_p > ostauth (rlm_exec) for request 30 > Fri Oct 24 10:36:14 2003 : Debug: modcall[post-auth]: module > "rp_default_postauth" > returns ok for request 30 > Fri Oct 24 10:36:14 2003 : Debug: modcall: group post-auth returns ok > for request 30 > TTLS: Got tunneled reply RADIUS code 2 > Fri Oct 24 10:36:14 2003 : Debug: TTLS: Got tunneled Access-Accept > Fri Oct 24 10:36:14 2003 : Debug: rlm_eap: Freeing handler > Fri Oct 24 10:36:14 2003 : Debug: modsingle[authenticate]: returned > from eap (rlm_ > eap) for request 30 > Fri Oct 24 10:36:14 2003 : Debug: modcall[authenticate]: module "eap" > returns ok f > or request 30 > Fri Oct 24 10:36:14 2003 : Debug: modcall: group authenticate returns ok > for request > 30 > Fri Oct 24 10:36:14 2003 : Debug: modcall: entering group post-auth for > request 30 > Fri Oct 24 10:36:14 2003 : Debug: modsingle[post-auth]: calling > rp_default_postaut > h (rlm_exec) for request 30 > Fri Oct 24 10:36:14 2003 : Debug: radius_xlat: > '/opt/freeradius/etc/raddb/authUser. > sh [EMAIL PROTECTED] 00022d60203c NONE NONE' > Fri Oct 24 10:36:14 2003 : Debug: Exec-Program: > /opt/freeradius/etc/raddb/authUser.s > h [EMAIL PROTECTED] 00022d60203c NONE NONE > --10:36:14-- > https://localhost/CSD/[EMAIL PROTECTED]&ma > c=00022d60203c&rpgrp= > => > [EMAIL PROTECTED]&mac=00022d60203c&rpgrp= > ' > Resolving localhost... done. > Connecting to localhost[127.0.0.1]:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 150 [text/html] > > 100%[========================================>] 150 146.48K/s > ETA 00:00 > > 10:36:14 (146.48 KB/s) - > [EMAIL PROTECTED]&mac=00022d60 > 203c&rpgrp=' saved [150/150] l > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
