(RADIATOR) Question about var differences between inner and outer authentications.

Mike McCauley mikem at open.com.au
Tue Oct 12 01:30:30 CDT 2004


Hello Terry,


On Tuesday 12 October 2004 16:14, Terry Simons wrote:
> Thanks Hugh,
>
> I'll play with a hook and see if I can at least get things working.
>
> I would like to use the AddToRequest/Reply functionality if possible,
> but I can't figure it out.
>
> I can manually add pieces into the inner with something like:
>
> <Handler TunnelledByTTLS=1>
> AddToRequest Calling-Station-Id = abc123
>
> AuthBy BY_FILE
> </Handler>
>
> But I can't seem to figure out how to say "Calling-Station-Id" gets the
> value of "Calling-Station-Id" in the outer request to which this inner
> request belongs.
>
> Is this even possible?

There is no syntax for AddToRequest for getting attributes from the outer 
request. So I can't see a way to do what you are looking for just by jiggling 
AddToRequest etc.

Further to what Hugh posted, in a hook, you can get to the outer packet from 
the inner packet with $p->{outerRequest}.

Hope that helps.
Cheers.

>
> - Terry
>
> On Oct 11, 2004, at 11:14 PM, Hugh Irvine wrote:
> > Hi Terry -
> >
> > As you would have seen, there is a pointer to the current request ($p)
> > that is passed around the various modules as the main parameter. There
> > is another pointer to the current reply that is included in $p->{rp}.
> > You can use these two pointers in hooks to access both packets. In
> > addition the usual "AddToRequest" and "AddToReply" should also work.
> > The EAP extensions are part of AuthGeneric.pm (sub
> > handle_request(...)).
> >
> > regards
> >
> > Hugh
> >
> > On 12 Oct 2004, at 14:25, Terry Simons wrote:
> >> Hi,
> >>
> >> I'm curious how Radiator handles the Inner authentication in, for
> >> instance, a TTLS->PAP authentication.
> >>
> >>  Is it possible to artificially insert attributes from the outer
> >> tunnel into the inner (for instance, Calling-Station-Id)?  I've been
> >> trying to grok through EAP_21.pm, but so far I haven't been able to
> >> figure this out.
> >>
> >> Thanks!
> >>
> >> - Terry
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > -- 
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
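
A hook along the lines described in the reply above, as an added example that is not part of the original message or Radiator's own code. It assumes the sub is attached to a hook parameter such as PreAuthHook in the `<Handler TunnelledByTTLS=1>` clause, that the hook receives a reference to the inner request as its first argument, and that packets offer `get_attr`, `add_attr` and `delete_attr`; the `StubPacket` class and the sample values are constructed so the sub can be run outside Radiator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Attributes to carry from the outer request into the inner one.
my @copy = ('Calling-Station-Id');

# Hook body. Assumed wiring: given to PreAuthHook inside
# <Handler TunnelledByTTLS=1>, so it only runs for inner requests.
my $hook = sub {
    my $p     = ${ $_[0] };            # inner request (passed by reference)
    my $outer = $p->{outerRequest};    # outer packet, per the reply above
    return unless $outer;              # not a tunnelled request: nothing to copy
    for my $name (@copy) {
        my $value = $outer->get_attr($name);
        next unless defined $value;    # outer request did not carry it
        # Replace rather than append, so the inner request ends up with
        # exactly the value seen on the outer request.
        $p->delete_attr($name);
        $p->add_attr($name, $value);
    }
    return;
};

# --- Stand-in packet class (constructed; not Radiator's implementation) ---
package StubPacket;
sub new         { my ($c, %a) = @_; return bless { attrs => {%a} }, $c }
sub get_attr    { return $_[0]{attrs}{ $_[1] } }
sub add_attr    { $_[0]{attrs}{ $_[1] } = $_[2]; return }
sub delete_attr { delete $_[0]{attrs}{ $_[1] }; return }

package main;

# Constructed sample: outer TTLS request and the inner PAP request it carries.
my $outer = StubPacket->new('User-Name'          => 'anonymous',
                            'Calling-Station-Id' => '00-11-22-33-44-55');
my $inner = StubPacket->new('User-Name'          => 'terry',
                            'Calling-Station-Id' => 'abc123');
$inner->{outerRequest} = $outer;

$hook->(\$inner);
print "inner Calling-Station-Id: ",
      $inner->get_attr('Calling-Station-Id'), "\n";
```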
