On 05/17/2012 05:07 AM, C.F. Yeung wrote:
I have added a new eap_new with the other cert in eap.conf and tried the
unlang policy. But, it still goes to my existing eap/cert. MAC address
and IP are masked by x.
+- entering group authorize {...}
++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam")
? Evaluating (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE
++- entering if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") {...}
[eap_new] EAP packet type response id 5 length 253
[eap_new] Continuing tunnel setup.
+++[eap_new] returns ok
++- if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
You didn't do what I said. You're still running the "eap" module. You need:
authorize {
...
if ( ... ) {
eap_new
}
else {
eap
}
...
}
++[eap] returns ok
Found Auth-Type = eap_new
Found Auth-Type = EAP
> Warning: Found 2 auth-types on request for user 'testuser'
READ the debug output please!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
