[RADIATOR] missing request attributes with TunnelledByPEAP

Heikki Vatiainen hvn at open.com.au
Wed Feb 15 12:40:18 CST 2012


On 02/15/2012 05:18 PM, Alexander Hartmaier wrote:

Hello Alex,

> The inner TLS packet is matched by
> <Handler Client-Identifier="wlancontroller", TunnelledByPEAP=1>
> but in case we want to have multiple SSIDs using PEAP-something we can't
> distinguish the inner request because the Called-Station-Id isn't
> included in the inner request.
> 
> Is there an option which attributes get copied to the inner request packet?

You can use PreHandlerHook. It is now documented in 4.9 ref.pdf too:

  5.20.65 PreHandlerHook
  For EAP types that carry inner requests (such as PEAP, TTLS, FAST
  etc), specifies a Perl hook to be called before the inner request
  is redispatched to a matching Realm or Handler.


In the outer Handler do something like this:

PreHandlerHook sub { \
  my $tp = ${$_[0]}; \
  $tp->add_attr('Called-Station-Id', \
                $tp->{outerRequest}->get_attr('Called-Station-Id')); \
  };

tp stands for tunnelled packet. It can be manipulated with
PreHandlerHook from the outer Handler.

Thanks!
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list