On 04/04/12 18:34, Fajar A. Nugraha wrote:

> @Glen, can you try testing with simple PAP? This is to isolate
> any EAP-related problem.
>
> You probably need to use radclient to manually add the Calling-Station-Id
> attribute to the request. Look at the end of the "radtest" program (which
> is a shell script) to see an example of how to use radclient.

I've just tried with radclient:

echo "User-Name = user01, Password = pass01, Calling-Station-Id = 98-4B-4A-F5-BF-40" | radclient -s localhost:1812 auth testing123

successfully authenticates the user using rlm_sql and pap. Changing the MAC to a different value fails the SQL query and authentication as expected.

Going back to the access point, I can now understand that the failure is happening inside the inner-tunnel virtual server. First the authorize section is called, which does the SQL query but can't match the user, then the authenticate section, which fails because there's no password set.

5 minutes of googling later I found a pointer to copy_request_to_tunnel in the peap section of eap.conf and my client devices started authenticating.

Many thanks to everyone who helped.

Regards, glen.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
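
The setting named in the post, shown as an added configuration sketch that is not part of the original message. The post names only the option and its section; the value `yes`, the commented-out stock value, and the `virtual_server` line are assumptions based on the stock FreeRADIUS 2.x eap.conf, and all other options are omitted.

```conf
# eap.conf, peap section only (sketch; layout assumed from stock FreeRADIUS 2.x)
eap {
    peap {
        # Stock value. The request handed to the inner tunnel carries only
        # the tunneled EAP attributes, so Calling-Station-Id from the outer
        # Access-Request is missing and an SQL lookup that matches on the
        # MAC address finds no user in the authorize section.
        # copy_request_to_tunnel = no

        # Copy attributes from the outer request into the tunneled request
        # when they are not already present there, so policies in the
        # inner virtual server can see Calling-Station-Id.
        copy_request_to_tunnel = yes

        # Virtual server that processes the tunneled request.
        virtual_server = "inner-tunnel"
    }
}
```

Running the server in debug mode (`radiusd -X`) shows the attribute list of the tunneled request, which confirms whether Calling-Station-Id reaches the inner-tunnel authorize section.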