(RADIATOR) re: error "No Handler for TTLS inner authentication"

Hugh Irvine hugh at open.com.au
Thu Mar 16 15:47:24 CST 2006


Hello Roel -

Thanks for letting me know.

And yes there have been numerous requests for wildcards in Client  
clauses, but unfortunately it is not easy to implement.

We are still thinking about it though.

regards

Hugh


On 16 Mar 2006, at 20:30, R.H.Hoek wrote:

>> Hello Roel -
>>
>> Thanks for your mail.
>>
>> As you can see from the debug, the NAS-IP-Address is not passed in
>> the inner request by default.
>>
>> If you want to add any attribute to the inner request you need to use
>> a PreHandlerHook in the outer AuthBy clause.
>>
>> You can add the following in a file called "nas.pl" in your %D
>> directory:
>>
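>> sub {
>>     # The hook receives a reference to the inner request
>>     my $p = ${$_[0]};
>>     # The outer request that carried the TTLS tunnel
>>     my $outer = $p->{outerRequest};
>>     # Copy NAS-IP-Address from the outer request into the inner one
>>     my $nas = $outer->get_attr('NAS-IP-Address');
>>     $p->add_attr('NAS-IP-Address', $nas);
>>     &main::log($main::LOG_DEBUG, "NAS-IP-Address = $nas");
>>     return;
>> }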
>>
>> Then use this in your configuration file:
>>
>> <AuthBy FILE>
>> .....
>> PreHandlerHook file:"nas.pl"
>> .....
>> </AuthBy>
>>
>> I haven't tested the above, but you should get the idea.
>
> It works!
> thanks a lot.
>
> (BTW, a better solution would be a client clause where you can use
> subnetmasks, as asked for in previous threads....)
>
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>> On 16 Mar 2006, at 03:29, R.H.Hoek wrote:
>>
>> Hello,
>>
>> We are (also) using Radiator for authenticating wireless users with
>> EAP-TTLS. Because we have a lot of AccessPoints (600+), and
>> including the clients via ClientListSQL, Radiator takes too long to
>> start (5min), I tried the next config. There is a Defaultclient with
>> a special identifier. In the appropriate Handler this identifier is
>> checked with the NAS-IP-Address. (in this case the fake range
>> 10.10.108.0 -> 10.10.111.0) This range covers the AccessPoint
>> IP range.
>
> [...]
>
>
> --
>
> Greetings,
>
> Roel H.Hoek,
> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
> room SP 422, telephone: 053 - 489 4598,  fax: 053 - 489 2383
> e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
> Jabber/Googletalk: rhhoek at gmail.com
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

