(RADIATOR) How to pass Reply-Message from inside to outside of PEAP tunnel?
Robin Breathe
rbreathe at brookes.ac.uk
Thu May 25 09:24:20 CDT 2006
Hi,

We're using Radiator for wireless 802.1X AAA with PEAP/EAP-MSCHAPv2.
Following authentication, we have an AuthBy SQL performing
authorization. One of our returned check items is an Auth-Type with the
column containing either "Accept" or "Reject:(reason)". We want to
return the (reason) to the client in the Reply-Message, but the
RejectHasReason option only seems to affect the inner handler. The outer
handler simply replies with the generic "PEAP Authentication Failure"
when RejectHasReason is set, and with "Request Denied" otherwise.

Is there any way around this?

The relevant section of our configuration:

<AuthBy FILE>
    Identifier Tunnel-Outer
    EAPType PEAP,TTLS
    EAPTLS_CAFile %{GlobalVar:oxCertDir}/cacert.crt
    EAPTLS_CertificateFile %{GlobalVar:oxCertDir}/radius.crt
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %{GlobalVar:oxCertDir}/radius.key
    EAPTLS_MaxFragmentSize 1000
    EAPTLS_PEAPVersion 1
    # The following seems to fix Airport client with PEAP on 3com
    EAPTLS_PEAPBrokenV1Label
    EAPAnonymous anonymous@%R
    AutoMPPEKeys
</AuthBy>

<Handler TunnelledByPEAP=1>
    AuthByPolicy ContinueWhileAccept
    AuthBy AUTHENTICATE
    AuthBy AUTHORIZE
    RejectHasReason
</Handler>

<Handler>
    AuthBy Tunnel-Outer
    RejectHasReason
</Handler>

Regards,
Robin
--
Robin Breathe, Computer Services, Oxford Brookes University, Oxford, UK
rbreathe at brookes.ac.uk Tel: +44 1865 483685 Fax: +44 1865 483073