[strongSwan] EAP Radius

Raoul Duke rduke496 at gmail.com
Wed Nov 13 22:18:21 CET 2013


On Wed, Nov 13, 2013 at 4:46 PM, Raoul Duke <rduke496 at gmail.com> wrote:
> On Wed, Nov 13, 2013 at 4:18 PM, Martin Willi <martin at strongswan.org> wrote:
>>
>>> So if I don't see a RADIUS auth attempt when I add "rightgroups" then
>>> how could it ever determine the group to know if it would match.
>>
>> It won't, and the connection just does not match if that group
>> membership is not determined.
>
> We must be talking at cross purposes.  Im saying:
>
> * when I leave out the "rightgroups" constraint I see a RADIUS auth
> attempt.  All good.
> * when I add "rightgroups" constraint to the connection I don't see a
> RADIUS auth attempt
>
> If the group membership is determined via a RADIUS auth reply and the
> RADIUS lookup is not even done then how can the latter case ever work?

Update: I was able to get the behavior I want/expect by using
rightgroups2 rather than rightgroups.

Thanks,




More information about the Users mailing list