Hi All,
I'm trying to set up SBR to check the SSID used by a WLAN user when he tries to connect.
I'm using Colubris access points, and the SSID info is sent in the RADIUS request via Colubris-specific attributes (AVP).
SBR was configured with the Colubris SSID AVP in the RADIUS check list, but I keep getting an error message (below in red):
04/17/2009 17:43:57 Doing inventory check on request
04/17/2009 17:43:57 EAP MS-CHAP-V2 sub-protocol received success response
04/17/2009 17:43:57 Determined that \\PCU01\corporate of class NT-Domain-User is the user
04/17/2009 17:43:57 Getting attribute info on requesting user
04/17/2009 17:43:57 Getting profile info for requesting user
04/17/2009 17:43:57 Merging saved attributes with user info
04/17/2009 17:43:57 Merging profile info with user info
04/17/2009 17:43:57 Comparing checklist items with user/profile items
04/17/2009 17:43:57 Found checklist attribute Colubris-AVPAIR but missing required value for user \\PCU01\corporate
04/17/2009 17:43:57 request items don't match user/profile items, Rejecting
When replacing the Colubris SSID AVP with the standard NAS-Identifier attribute in the check list, it works OK.
Would you have any idea why it is not working?
Kind regards
/Patofissy
Hi
I think you are using the PEAP protocol.
In the PEAP and TTLS protocols, two users exist: an inner user and an outer user.
The outer user is used for establishing the securely encrypted tunnel.
The inner user is actually used for authentication through the tunnel.
And the check list is applied only at inner authentication.
The reason that the check list isn't applied when using PEAP or TTLS is that most adjunctive attributes, such as Colubris-AVPAIR and NAS-Identifier, are attached to the outer user.
Thus, the check list can't find these attributes.
If you want to check these attributes, you must enable the "Request Filters" feature.
Request filters can copy outer attributes to the inner authentication.
The configuration steps are below:
1. Open the admin GUI.
2. Create a new filter, select "allow", and specify the name of the attribute you want to copy.
3. When you have finished, click "Authentication Policies" and double-click "PEAP".
Select "Request Filters", enable "Transfer Outer Attribs to New" and "Transfer Outer Attribs to Continue",
and select the filter you created.
If the check list still isn't applied, change LogLevel to 2 and TraceLevel to 1 in radius.ini.
Then check the debug log starting with "Tunneled Authentication Request";
there you can see whether the attributes are copied to the inner authentication.
04/02/2009 11:30:47 -----------------------------------------------------------
04/02/2009 11:30:47 Tunneled Authentication Request
04/02/2009 11:30:47 Packet : Code = 0x1 ID = 0x32
04/02/2009 11:30:47 Client Name = <ANY> Dictionary Name = Radius.dct
04/02/2009 11:30:47 Vector =
04/02/2009 11:30:47 000: 478c56d2 43358b89 ad959947 16ffbfcb |G.V.C5.....G....|
04/02/2009 11:30:47 Parsed Packet =
04/02/2009 11:30:47 User-Name : String Value = testsuser
04/02/2009 11:30:47 User-Password : String Value = <suppressed>
04/02/2009 11:30:47 -----------------------------------------------------------
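The log check described in the reply above, as an added example that is not part of the original posts or of SBR: a Python script that walks a trace in the format shown, collects the attributes inside each "Tunneled Authentication Request" block, and reports which check-list attributes never reached the inner authentication. The second block of the sample, its timestamps and its `ssid=example-ssid` value are constructed for illustration.

```python
import re

# Every trace line starts with "MM/DD/YYYY HH:MM:SS"; strip it before matching.
STAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} ?")
ATTR = re.compile(r"^([A-Za-z0-9][\w-]*) : \w+ Value = (.*)$")
SEPARATOR = re.compile(r"^-{10,}$")

def tunneled_requests(trace):
    """Return one {attribute: [values]} dict per tunneled (inner) request block."""
    blocks, current, in_parsed = [], None, False
    for raw in trace.splitlines():
        line = STAMP.sub("", raw.strip()).strip()
        if line == "Tunneled Authentication Request":
            current, in_parsed = {}, False
            blocks.append(current)
        elif current is None:
            continue  # not inside a tunneled request block
        elif SEPARATOR.match(line):
            current = None  # closing separator ends the block
        elif line.startswith("Parsed Packet"):
            in_parsed = True  # attribute lines follow this marker
        elif in_parsed and (m := ATTR.match(line)):
            current.setdefault(m.group(1).lower(), []).append(m.group(2))
    return blocks

def missing_in_inner(trace, required):
    """Per tunneled request, list the required attributes the inner request lacks."""
    return [[name for name in required if name.lower() not in block]
            for block in tunneled_requests(trace)]

# First block: shortened from the trace in the thread. Second block: constructed.
SAMPLE = """\
04/02/2009 11:30:47 -----------------------------------------------------------
04/02/2009 11:30:47 Tunneled Authentication Request
04/02/2009 11:30:47 Packet : Code = 0x1 ID = 0x32
04/02/2009 11:30:47 Client Name = <ANY> Dictionary Name = Radius.dct
04/02/2009 11:30:47 Parsed Packet =
04/02/2009 11:30:47 User-Name : String Value = testsuser
04/02/2009 11:30:47 User-Password : String Value = <suppressed>
04/02/2009 11:30:47 -----------------------------------------------------------
04/02/2009 11:31:02 -----------------------------------------------------------
04/02/2009 11:31:02 Tunneled Authentication Request
04/02/2009 11:31:02 Parsed Packet =
04/02/2009 11:31:02 User-Name : String Value = testsuser
04/02/2009 11:31:02 Colubris-AVPair : String Value = ssid=example-ssid
04/02/2009 11:31:02 -----------------------------------------------------------
"""

if __name__ == "__main__":
    print(missing_in_inner(SAMPLE, ["Colubris-AVPAIR"]))
```

An empty list for a request means every required attribute was present in the inner request; a non-empty list names the attributes the request filter did not copy.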
Hi,
SBR was configured to pass the Colubris RADIUS attributes from the outer to the inner authentication method.
Eventually, I managed to make it work ...
The issue is that Colubris AVPair uses structured attributes (i.e. several Colubris attributes can be included in a single AVPair), which is not "supported" in version 6 of SBR (SBR will interpret the series of Colubris attributes as a single RADIUS attribute).
So if you need to check a specific Colubris attribute, you need to manipulate the string of characters in the AVPair ...
SBR version 7 seems to bring support for structured attributes.
Thanks for your help
/Pat