(RADIATOR) Problem with session database and wireless reauthentication

Mike McCauley mikem at open.com.au
Tue Jan 11 17:22:28 CST 2005


Hello Roy,


On Wednesday 12 January 2005 00:55, Roy Badami wrote:
>     Hugh> Please let me know what you discover.
>
> The initial authentication has Service-Type=Login-User,
> reauthentication has Service-Type=Authenticate-Only
>
> These attributes are included on every message of the EAP conversation.
>
> So far so good.
>
> Now the problem.  I'm using EAP-TTLS/PAP.  Now, the outer requests
> should probably be using SessionDatabase NULL anyway, since they don't
> contain a useful username.  The inner requests are where the action is.
>
> Unfortunately the inner requests that get faked up don't contain the
> Service-Type attribute so I can't use that to select my handler...
>
> I was hoping I could copy the attribute in a PreHandlerHook as follows:
>
> sub
> {
>     my $p = ${$_[0]};
>     my $outer = $p->{outerRequest};
>     if ($outer) {
>         # If we get here, then outerRequest was set, so we are an inner
>         # request.  Propagate Service-Type from the outer request to the
>         # inner, so that we can use it to select a handler
>         $p->add_attr('Service-Type', $outer->get_attr('Service-Type'));
>     }
> }
>
> Unfortunately PreHandlerHook isn't called for the tunnel request;
> perhaps it should be?

That's a good idea.
We have now added support for PreHandlerHook to all modules that can route
requests back to the Handlers list, including ServerTACACSPLUS.pm, EAP_21.pm,
EAP_25.pm, EAP_26.pm.

Patches now in the 3.11 patch set.

Cheers.

>
> 	-roy
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
