Move run-time error to run-time warning

diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
index 06677cd..a41f781 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
@@ -1023,6 +1023,13 @@ rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session,
                if (vp) {
                        eap_tunnel_data_t *tunnel;
 
+                       if (!auth_type_eap) {
+                               RERROR("You must set 'inner_eap_module' in the 'peap' configuration");
+                               RERROR("This is required in order to proxy the inner EAP session.");
+                               rcode = RLM_MODULE_REJECT;
+                               goto done;
+                       }
+
                        /*
                         *      The tunneled request was NOT handled,
                         *      it has to be proxied.  This means that

diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
index ce0a965..b5b90da 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
@@ -55,7 +55,7 @@ static CONF_PARSER module_config[] = {
 
        { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, default_method_name), "mschapv2" },
 
-       { "inner_eap_module", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, inner_eap_module), "eap" },
+       { "inner_eap_module", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, inner_eap_module), NULL },
 
        { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, copy_request_to_tunnel), "no" },
 
@@ -122,15 +122,18 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance)
                return -1;
        }
 
+       /*
+        *      Don't expose this if we don't need it.
+        */
+       if (!inst->inner_eap_module) inst->inner_eap_module = "eap";
 
        dv = dict_valbyname(PW_AUTH_TYPE, 0, inst->inner_eap_module);
        if (!dv) {
-               cf_log_err_cs(cs, "Failed to find 'Auth-Type %s' section in virtual server %s.  Cannot authenticate users.",
-                             inst->inner_eap_module, inst->virtual_server);
-               return -1;
+               WARN("Failed to find 'Auth-Type %s' section in virtual server %s.  The server cannot proxy inner-tunnel EAP packets.",
+                    inst->inner_eap_module, inst->virtual_server);
+               inst->auth_type_eap = dv->value;
        }
 
-       inst->auth_type_eap = dv->value;
        return 0;
 }