(RADIATOR) How to pass Reply-Message from inside to outside of PEAP tunnel?
Hugh Irvine
hugh at open.com.au
Sat May 27 21:40:07 CDT 2006
Hi Robin -
An AddToReply inside an AuthBy clause will only operate when there is
an ACCEPT.
If you put the AddToReply outside the AuthBy clause, it will operate
for REJECT too.
I.e.
<Handler>
    <AuthBy INTERNAL>
        DefaultResult REJECT
    </AuthBy>
    AddToReply OSC-AVPAIR = "this is always added to the reply"
</Handler>
gives the following
Sun May 28 12:38:31 2006: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 50218 ....
Code: Access-Request
Identifier: 241
Authentic: 1234567890123456
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <129><243>'<213><215>
\<4><246><188>8<9><160><216>}x<153>
Sun May 28 12:38:32 2006: DEBUG: Handling request with Handler ''
Sun May 28 12:38:32 2006: DEBUG: Deleting session for mikem, 203.63.154.1, 1234
Sun May 28 12:38:32 2006: DEBUG: Handling with AuthINTERNAL:
Sun May 28 12:38:32 2006: DEBUG: AuthBy INTERNAL result: REJECT, Fixed by DefaultResult
Sun May 28 12:38:32 2006: INFO: Access rejected for mikem: Fixed by DefaultResult
Sun May 28 12:38:32 2006: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 50218 ....
Code: Access-Reject
Identifier: 241
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
OSC-AVPAIR = "this is always added to the reply"
regards
Hugh
On 27 May 2006, at 20:14, Robin Breathe wrote:
> On 27 May 2006, at 05:34, Hugh Irvine wrote:
>> What version of Radiator are you running?
>>
>> There have been some patches for Radiator 3.14 which may be relevant.
>>
>> You should be running Radiator 3.14 plus the latest patches.
>
> We're currently using version 3.14 with patches up to the 6th of
> May, Perl 5.8.7.
>
>> And from what you show below I would have expected you to use
>>
>> ${$_[0]}->{outerRequest}->add_attr()
>>
>> as far as I know, set_attr() does not exist.
>
> Sorry, that was a typo in the message :) (I constantly find myself
> instinctively trying to use get_attr/set_attr rather than get_attr/
> add_attr...)
>
>> You should also be able to use AddToRequest as well as normal
>> AuthColumnDef's and so on.
>
> As I said in my last message, we're now passing information from
> the inner handler back out to the outer handler by using temporary
> pseudo attributes in the reply message. The only issue is that
> these attributes seem to get stripped when the reply is an
> Access-Reject, meaning we can't pass the Reject reason back out in
> this way, but we're content for the time being!
>
> Regards,
> Robin
> --
> Robin Breathe, Computer Services, Oxford Brookes University, Oxford, UK
> rbreathe at brookes.ac.uk Tel: +44 (0)1865 483685
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?