(RADIATOR) adding tests for specific NASs in PEAP to an existing EAP-TTLS setup

Jeff Minelli minelli at psu.edu
Mon Aug 28 14:44:15 CDT 2006


Currently, my Radiator setup is a fairly simple EAP-TTLS setup. What I 
would like to do is expand the config to include PEAP from only 
specific clients, access points, usernames and ssids.

My current config is as such (simplified):

##################
<Client 10.1.1.1>
   Identifier wpa
   Secret Blah
</Client>

<Handler TunnelledByTTLS=1>
   AuthByPolicy ContinueWhileAccept
   <AuthBy GROUP>
...
   </AuthBy>
   PostAuthHook file:"%D/insidepostauthhook.pl"
   AddToReply User-Name = %u
   AcctLogFileName %L/wpa.detail
</Handler>

<Handler Client-Identifier=wpa>
   RewriteUsername s/^.*\\//
   AuthByPolicy ContinueWhileReject
   <AuthBy FILE>
     EAPType TTLS,PEAP
...
   </AuthBy>
   PostAuthHook file:"%D/postauthhook.pl"
   AcctLogFileName %L/wpa.detail
</Handler>
##################

What I would like to do is add a test to postauthhook.pl matching my 
requirements (ssid, username, calling and called stations). If 
everything matches I would like to rewrite ${$p}->{Client}->{Identifier} 
to "batty", exit gracefully from the current handler/hook and enter this 
one:

  <Handler TunnelledByPEAP=1,Client-Identifier=batty>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy FILE>
      Filename %D/batty-users
    </AuthBy>
  </Handler>

I think my primary questions are:
1. Is this the cleanest (or even proper) way to approach this?
2. Is it "legal" to rewrite the Identifier?
3. How would I gracefully bow out of the postauthhook.pl if I pass my tests?

Thanks,

-jeff