> Hmm... OK. The issue appears to be that the tunneled reply is saved > for Access-Accept, but not Access-Reject. > See "accept_vps" in rlm_eap_peap/*. Something similar needs to be > done for reject, and for TTLS.
You are a gentleman and a scholar! I have made the changes as you suggested for PEAP and tested PEAP-MSCHAPv2. It works! I am now able to log the output from ntlm_auth and MS-CHAP-Error. I'm also excited about the improved TLS logging in 2.1.10. I will add the code for TTLS now. Unfortunately, I don't have a way to test that as I don't believe eapol_test supports TTLS and we don't use it. I suppose someone else can test it once I upload the patch (which I will do after I make the TTLS changes). Thanks again Alan. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
