(RADIATOR) Question about var differences between inner and outer authentications.
Terry Simons
galimore at mac.com
Tue Oct 12 01:14:20 CDT 2004
Thanks Hugh,
I'll play with a hook and see if I can at least get things working.
I would like to use the AddToRequest/Reply functionality if possible,
but I can't figure it out.
I can manually add pieces into the inner with something like:
<Handler TunnelledByTTLS=1>
AddToRequest Calling-Station-Id = abc123
AuthBy BY_FILE
</Handler>
But I can't seem to figure out how to say "Calling-Station-Id" gets the
value of "Calling-Station-Id" in the outer request to which this inner
request belongs.
Is this even possible?
- Terry
On Oct 11, 2004, at 11:14 PM, Hugh Irvine wrote:
>
> Hi Terry -
>
> As you would have seen, there is a pointer to the current request ($p)
> that is passed around the various modules as the main parameter. There
> is another ponter to the current reply that is included in $p->{rp}.
> You can use these two pointers in hooks to access both packets. In
> addition the usual "AddToRequest" and "AddToReply" should also work.
> The EAP extensions are part of AuthGeneric.pm (sub
> handle_request(...)).
>
> regards
>
> Hugh
>
>
>
> On 12 Oct 2004, at 14:25, Terry Simons wrote:
>
>> Hi,
>>
>> I'm curious how Radiator handles the the Inner authentication in, for
>> instance, a TTLS->PAP authentication.
>>
>> Is it possible to artificially insert attributes from the outer
>> tunnel into the inner (for instance, Calling-Station-Id)? I've been
>> trying to grok through EAP_21.pm, but so far I haven't been able to
>> figure this out.
>>
>> Thanks!
>>
>> - Terry
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
Thanks Hugh,
I'll play with a hook and see if I can at least get things working.
I would like to use the AddToRequest/Reply functionality if possible,
but I can't figure it out.
I can manually add pieces into the inner with something like:
<Handler TunnelledByTTLS=1>
AddToRequest Calling-Station-Id = abc123
AuthBy BY_FILE
</Handler>
But I can't seem to figure out how to say "Calling-Station-Id" gets the
value of "Calling-Station-Id" in the outer request to which this inner
request belongs.
Is this even possible?
- Terry
On Oct 11, 2004, at 11:14 PM, Hugh Irvine wrote:
Hi Terry -
As you would have seen, there is a pointer to the current request ($p)
that is passed around the various modules as the main parameter. There
is another ponter to the current reply that is included in $p->{rp}.
You can use these two pointers in hooks to access both packets. In
addition the usual "AddToRequest" and "AddToReply" should also work.
The EAP extensions are part of AuthGeneric.pm (sub
handle_request(...)).
regards
Hugh
On 12 Oct 2004, at 14:25, Terry Simons wrote:
Hi,
I'm curious how Radiator handles the the Inner authentication in, for
instance, a TTLS->PAP authentication.
Is it possible to artificially insert attributes from the outer tunnel
into the inner (for instance, Calling-Station-Id)? I've been trying to
grok through EAP_21.pm, but so far I haven't been able to figure this
out.
Thanks!
- Terry
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list