(RADIATOR) adding tests forspecific NASs in PEAP to an exisiting EAP-TTLS setup

Hugh Irvine hugh at open.com.au
Mon Aug 28 17:44:09 CDT 2006 

On 29 Aug 2006, at 05:44, Jeff Minelli wrote:

> Currently, my Radiator setup is a fairly simple EAP-TTLS setup.  
> What I would like to do is expanded the config to include PEAP from  
> only specific clients, access points, usernames and ssids.
>
> My current config is as such (simplified):
>
> ##################
> <Client 10.1.1.1>
>   Identifier wpa
>   Secret Blah
> </Client>
>
> <Handler TunnelledByTTLS=1>
>   AuthByPolicy ContinueWhileAccept
>   <AuthBy GROUP>
> ...
>   </AuthBy>
>   PostAuthHook file:"%D/insidepostauthhook.pl"
>   AddToReply User-Name = %u
>   AcctLogFileName %L/wpa.detail
> </handler>
>
> <Handler Client-Identifier=wpa>
>   RewriteUsername s/^.*\\//
>   AuthByPolicy ContinueWhileReject
>   <AuthBy FILE>
>     EAPType TTLS,PEAP
> ...
>   </AuthBy>
>   PostAuthHook file:"%D/postauthhook.pl"
>   AcctLogFileName %L/wpa.detail
> </handler>
> ##################
>
> What I would like to do is add a test to postauthhook.pl matching  
> my requirements (ssid, username, calling and called stations). If  
> everything matches I would like to rewrite ${$p}->{Client}-> 
> {Identifier} to "batty", exit gracefully from the current handler/ 
> hook and enter this one:
>
>  <Handler TunnelledByPEAP=1,Client-Identifier=batty>
>    RewriteUsername s/(.*)\\(.*)/$2/
>    <AuthBy FILE>
>      Filename %D/batty-users
>    </AuthBy>
>  </Handler>
>
> I think my primary questions are:
> 1. Is this the cleanest (or even proper) way to approach this?
> 2. Is it "legal" to rewrite the Identifier?
> 3. How would I gracefully bow out of the postauthhook.pl if I pass  
> my tests?
>
> Thanks,
>
> -jeff



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list