[RADIATOR] the use of TunnelledByTTLS=0 changed?

Heikki Vatiainen hvn at open.com.au
Mon May 23 06:15:46 CDT 2011


On 05/23/2011 12:46 PM, Roel Hoek wrote:

> We are in the process of migrating our radius servers to another host. On
> the old host we are running Radiator 3.17.1. On the new host we run 4.8.
> 
> On the old server we make use of TunnelledByTTLS=0 to differentiate
> between inner (TTLS,PEAP) and outer EAP authentication:

You are correct, somewhere between 3.17.1 and 4.8 the Handler check changed.

Note that even with 3.17.1 TunnelledByTTLS was never 0. It was either
not defined at all (undef) or had a value that was larger than 0. So it
was a bit incorrect to make the implication that if TunnelledByTTLS can
be 1, it can also be 0.

The solution you have found (reorder handlers and remove
TunnelledByTTLS=0) is correct and will work also with older versions
including 3.17.1.

Thanks for highlighting this change!
Heikki


> <Handler Realm=fake.net, Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=0>
>         <AuthBy FILE>
>                 EAPType TTLS,PEAP
> 
>                 EAPTLS_CAFile /etc/radiator/pki/CAs/661141457_chain.pem
> .
> .
> .
>         </AuthBy>
> </Handler>
> 
> <Handler Realm=/fake.net/, Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=1>
> .
> .
> </Handler>
> 
> 
> <Handler Realm=/fake.net/, Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByPEAP=1>
> .
> .
> </Handler>
> 
> It looks like TunnelledByTTLS is not set anymore and the right handler
> can not be selected.
> 
> The problem can easily be solved by changing the Handler order and removing
> the Handler check attribute TunnelledByTTLS=0.
> 
> 
> 
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
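
The handler-ordering point in this thread, as an added example that is not part of the original messages and is not Radiator code: a simplified Python model of first-match Handler selection in which a check on an attribute the request does not carry never matches. The handler names, the request dictionaries and the treatment of Realm as an already-extracted attribute are assumptions made for illustration.

```python
import re

def check_matches(check, request):
    """Every check item must match; an attribute missing from the request never matches."""
    for attr, want in check.items():
        have = request.get(attr)              # None stands in for Perl undef
        if have is None:
            return False
        if want.startswith("/") and want.endswith("/"):
            if not re.search(want[1:-1], have):
                return False
        elif have != want:
            return False
    return True

def select_handler(handlers, request):
    """Return the name of the first handler whose checks all match, else None."""
    for name, check in handlers:
        if check_matches(check, request):
            return name
    return None

BASE = {"Realm": "/fake.net/", "Client-Identifier": "/^WLAN-ID$|^LOCALHOST-ID$/"}
OUTER_CHECK = {**BASE, "Realm": "fake.net"}

# Layout from the original post: outer handler first, guarded by TunnelledByTTLS=0.
OLD = [
    ("outer", {**OUTER_CHECK, "TunnelledByTTLS": "0"}),
    ("inner-ttls", {**BASE, "TunnelledByTTLS": "1"}),
    ("inner-peap", {**BASE, "TunnelledByPEAP": "1"}),
]
# Reordered as described in the thread: tunnelled handlers first, unguarded outer last.
FIXED = [OLD[1], OLD[2], ("outer", dict(OUTER_CHECK))]
# Pitfall: an unguarded outer handler placed first also catches the inner requests.
WRONG_ORDER = [("outer", dict(OUTER_CHECK)), OLD[1], OLD[2]]

# Constructed sample requests (hypothetical values).
OUTER = {"Realm": "fake.net", "Client-Identifier": "WLAN-ID"}
INNER_TTLS = {**OUTER, "TunnelledByTTLS": "1"}
INNER_PEAP = {**OUTER, "TunnelledByPEAP": "1"}

if __name__ == "__main__":
    for label, handlers in (("old", OLD), ("fixed", FIXED), ("wrong order", WRONG_ORDER)):
        print(label, [select_handler(handlers, r) for r in (OUTER, INNER_TTLS, INNER_PEAP)])
```

In this model the unguarded outer handler must come last; placed first, it would also be selected for the tunnelled inner requests.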

