(RADIATOR) Question about var differences between inner and outer authentications.
Hugh Irvine
hugh at open.com.au
Tue Oct 12 01:38:39 CDT 2004
Hi Terry -
The inner request contains a pointer to the outer request which you can
access in a hook when the inner request is processed like this:
    my $outer_request = $p->{outerRequest};
See EAP_21.pm sub handle_tls_data(...) about 50 lines down.
regards
Hugh
On 12 Oct 2004, at 16:14, Terry Simons wrote:
> Thanks Hugh,
>
> I'll play with a hook and see if I can at least get things working.
>
> I would like to use the AddToRequest/Reply functionality if possible,
> but I can't figure it out.
>
> I can manually add pieces into the inner with something like:
>
> <Handler TunnelledByTTLS=1>
> AddToRequest Calling-Station-Id = abc123
>
> AuthBy BY_FILE
> </Handler>
>
> But I can't seem to figure out how to say "Calling-Station-Id" gets
> the value of "Calling-Station-Id" in the outer request to which this
> inner request belongs.
>
> Is this even possible?
>
> - Terry
>
> On Oct 11, 2004, at 11:14 PM, Hugh Irvine wrote:
>
>>
>> Hi Terry -
>>
>> As you would have seen, there is a pointer to the current request
>> ($p) that is passed around the various modules as the main parameter.
>> There is another pointer to the current reply that is included in
>> $p->{rp}. You can use these two pointers in hooks to access both
>> packets. In addition the usual "AddToRequest" and "AddToReply" should
>> also work. The EAP extensions are part of AuthGeneric.pm (sub
>> handle_request(...)).
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On 12 Oct 2004, at 14:25, Terry Simons wrote:
>>
>>> Hi,
>>>
>>> I'm curious how Radiator handles the Inner authentication in,
>>> for instance, a TTLS->PAP authentication.
>>>
>>> Is it possible to artificially insert attributes from the outer
>>> tunnel into the inner (for instance, Calling-Station-Id)? I've been
>>> trying to grok through EAP_21.pm, but so far I haven't been able to
>>> figure this out.
>>>
>>> Thanks!
>>>
>>> - Terry
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
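The copy discussed in this thread, written out as an added example that is not part of the original messages and is not Radiator code: the inner request takes Calling-Station-Id from the outer request reached through $p->{outerRequest}, replacing any value the client sent inside the tunnel. The helper name copy_outer_attrs and the StubPacket class are hypothetical, and the get_attr/change_attr methods on the packet are an assumption about the packet object; only the outerRequest pointer comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for a request packet, constructed for this example.
# Assumption: the real packet object offers get_attr/change_attr with
# these semantics; only $p->{outerRequest} is taken from the thread.
package StubPacket;
sub new { my ($class, %attrs) = @_; return bless { attrs => {%attrs} }, $class; }
sub get_attr { my ($self, $name) = @_; return $self->{attrs}{$name}; }
sub change_attr { my ($self, $name, $value) = @_; $self->{attrs}{$name} = $value; return; }

package main;

# Copy the named attributes from the outer request into the inner one.
# The outer value always wins: inner attributes arrive through the
# tunnel from the client, the outer ones are asserted by the NAS.
sub copy_outer_attrs {
    my ($p, @names) = @_;
    my $outer = $p->{outerRequest};
    return 0 unless defined $outer;    # not a tunnelled request
    my $copied = 0;
    for my $name (@names) {
        my $value = $outer->get_attr($name);
        next unless defined $value;    # outer request did not carry it
        $p->change_attr($name, $value);
        $copied++;
    }
    return $copied;
}

# Constructed sample: an outer request as a NAS might send it, and an
# inner request that already carries a client-chosen Calling-Station-Id.
my $outer = StubPacket->new(
    'Calling-Station-Id' => '00-11-22-33-44-55',
    'NAS-Port'           => '7',
);
my $inner = StubPacket->new(
    'User-Name'          => 'terry',
    'Calling-Station-Id' => 'abc123',
);
$inner->{outerRequest} = $outer;

my $n = copy_outer_attrs($inner, 'Calling-Station-Id', 'NAS-Identifier');
printf "copied %d attribute(s); inner Calling-Station-Id is now %s\n",
    $n, $inner->get_attr('Calling-Station-Id');
```

In a real deployment the body of copy_outer_attrs would run from a hook on the handler that processes the tunnelled request, with $p being the inner request the hook receives.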