Hi Florian,

> > If you already successfully used outer = inner identity and it worked,
> > you don't need to change anything. The eap module doesn't care about the
> > User-Name of the outer request, just try it out.
>
> Hm, but I want to use "anonymous" as the outer username (for eap) and
> my real username for the authentication/authorization.

as I told you before: you need to do *nothing*. There is no need for a
users file entry for the name anonymous. Forget about it.

> > The inner request will magically show up after the tunnel has been
> > decoded. It is a new request, and will have its own User-Name attribute.
>
> Hm, for me it does not work,

That may be, but then your problem is not related to a missing users entry
for the outer request, but something completely different.

> my settings:
>
> users-file:
> #WLAN-anonymus:
> DEFAULT User-Name=~"^[Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss]$",
> Huntgroup-Name == WLAN
>         Auth-Type:=EAP

Delete those lines. They are superfluous (though they don't seem to do any
harm, unless one of your real user names would match the regex. In this
case, this line would actually *break* things).

>
> # Default-Wlan
> DEFAULT Auth-Type = pap, Huntgroup-Name == WLAN

And this one is wrong, very wrong. Setting Auth-Type to pap (PAP?) is
neither necessary nor does it make things better. Delete it as well.

>
> my log:
> rad_recv: Access-Request packet from host 131.188.4.190:20003, id=173,
> length=148
>         NAS-Port-Id = "2059/1"
>         Calling-Station-Id = "00-12-17-78-DD-58"
>         Called-Station-Id = "00-0B-0E-15-3D-80:FAU-STAFF"
>         Service-Type = Framed-User
>         EAP-Message = 0x0
>         User-Name = "anonymous"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "Trapeze"
>         NAS-IP-Address = 131.188.4.190
>         Message-Authenticator = 0x4
> Fri Nov 17 12:03:14 2006 : Debug: Processing the authorize section of
> radiusd.conf
> Fri Nov 17 12:03:14 2006 : Debug: modcall: entering group authorize for
> request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling
> preprocess (rlm_preprocess) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> preprocess (rlm_preprocess) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module
> "preprocess" returns ok for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling
> auth_log (rlm_detail) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: radius_xlat:
> '/var/log/radius/radacct/131.188.4.190/auth-detail-20061117'
> Fri Nov 17 12:03:14 2006 : Debug: rlm_detail:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
> to /var /log/radius/radacct/131.188.4.190/auth-detail-20061117
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> auth_log (rlm_detail) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module
> "auth_log" returns ok for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling chap
> (rlm_chap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> chap (rlm_chap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "chap"
> returns noop for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling mschap
> (rlm_mschap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> mschap (rlm_mschap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "mschap"
> returns noop for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling eap
> (rlm_eap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: rlm_eap: EAP packet type response id
> 1 length 14
> Fri Nov 17 12:03:14 2006 : Debug: rlm_eap: No EAP Start, assuming it's
> an on-going EAP conversation
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> eap (rlm_eap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "eap"
> returns updated for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling files
> (rlm_files) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: users: Matched entry DEFAULT at
> line 157
> Fri Nov 17 12:03:14 2006 : Debug: radius_xlat: 'anonymous'
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: returned from
> files (rlm_files) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "files"
> returns ok for request 0
> Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling ldap
> (rlm_ldap) for request 0
> Fri Nov 17 12:03:14 2006 : Debug: rlm_ldap: - authorize
> Fri Nov 17 12:03:14 2006 : Debug: rlm_ldap: performing user
> authorization for anonymous

Seems like the order in which the various modules get called is wrong. eap
(and realm instances like suffix, if you use that) should be before ldap,
is this the case? Posting the authorize {} and authenticate {} stanzas
would certainly help.

And, lastly, did you set copy_request_to_tunnel in eap.conf? Don't, because
then your real inner user name gets overwritten by the outer one.

Greetings,

Stefan Winter

--
-= visit http://www.webjumping.com =-
This mail is guaranteed to be virus free because it was sent from a
computer running Linux.

--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Research Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
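
The module order asked about in the reply above can be read straight out of the debug output. The following is an added example, not part of the original message or of FreeRADIUS: it parses debug lines in the format quoted in the thread and reports the authorize order and which identity rlm_ldap looked up. The sample log is constructed from the quoted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the quoted debug log, unwrapped and with
# the "> " quote markers removed; the "returned from" lines are left out.
SAMPLE_LOG = '''\
    User-Name = "anonymous"
Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 0
Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 0
Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Nov 17 12:03:14 2006 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Nov 17 12:03:14 2006 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Fri Nov 17 12:03:14 2006 : Debug: rlm_ldap: performing user authorization for anonymous
'''

CALL = re.compile(r'modsingle\[authorize\]: calling (\S+) \(rlm_\w+\) for request (\d+)')
RET = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+) for request (\d+)')
LDAP = re.compile(r'rlm_ldap: performing user authorization for (\S+)')
OUTER = re.compile(r'^\s*User-Name = "([^"]*)"', re.M)

def authorize_trace(log, request=0):
    """Modules in the order authorize{} called them, with return code (None if not logged)."""
    rcodes = {m: rc for m, rc, req in RET.findall(log) if int(req) == request}
    return [(m, rcodes.get(m)) for m, req in CALL.findall(log) if int(req) == request]

def review(log, request=0):
    """Summarise one request. Assumes the log excerpt covers a single request,
    since the User-Name and rlm_ldap lines carry no request number."""
    order = [m for m, _ in authorize_trace(log, request)]
    outer = OUTER.search(log)
    outer_name = outer.group(1) if outer else None
    looked_up = LDAP.findall(log)
    return {
        "order": order,
        "eap_before_ldap": "eap" in order and "ldap" in order
                           and order.index("eap") < order.index("ldap"),
        "ldap_lookups": looked_up,
        # True when the directory was queried with the outer (tunnel) identity
        "ldap_saw_outer_identity": outer_name is not None and outer_name in looked_up,
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
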