[RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler
René Hennequin
R.V.Hennequin at hva.nl
Wed May 18 07:11:58 CDT 2011
Hi all,
It looks like PostAuthHook isn't called from the TunnelledByTTLS=1 handler.
The handler:
<Handler TunnelledByTTLS=1, Realm=/(abc.nl)*/i>
    # Remove realms and other things
    RewriteUsername s/^([^@]+).*/$1/
    # connect to LDAP for authentication
    # may use both servers but first try local
    MaxSessions 3
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        <AuthBy LDAP2>
            # host info
            Host 1.1.1.1
            Port 389
            Version 3
            NoDefault
            # If LDAP timeout occurs wait 60 seconds before retry (default = 600 seconds)
            FailureBackoffTime 60
            # use application specific user
            AuthDN <snip>
            AuthPassword <snip>
            BaseDN dc=abc,dc=nl
            # get the user
            UsernameAttr uid
            PasswordAttr userPassword
            # return vlan id from ldap
            AuthAttrDef ipNetworkNumber, Tunnel-Private-Group-ID, reply
        </AuthBy>
    </AuthBy GROUP>
    PostAuthHook file:"%D/vlan-id-abc.pl"
</Handler>
The debug log:
Wed May 18 13:38:20 2011: DEBUG: LDAP got userPassword: {SSHA}<snip>
Wed May 18 13:38:20 2011: DEBUG: LDAP got ipNetworkNumber: 16
Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 looks for match with abc [abc at abc.nl]
Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 ACCEPT: : abc [abc at abc.nl]
Wed May 18 13:38:20 2011: DEBUG: AuthBy GROUP result: ACCEPT,
Wed May 18 13:38:20 2011: INFO: Access accepted for abc
Wed May 18 13:38:20 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Accept
Identifier: UNDEF
Can someone confirm that PostAuthHook isn't called for TunnelledByTTLS=1
handlers?
Regards,
René Hennequin
Hogeschool van Amsterdam