[RADIATOR] missing request attributes with TunnelledByPEAP

Alexander Hartmaier alexander.hartmaier at t-systems.at
Thu Feb 16 02:39:52 CST 2012


Hi Heikki,
I had to upgrade Radiator which was version 4.8 on this server so that
it knows PreHandlerHook.
It works when the PreHandlerHook is in the AuthBy but not when it is in
the Handler but doesn't warn about the PreHandlerHook in the Handler.
Are both supported for different usages?

What confused me is the fact that the copied attribute isn't visible in
the trace file but the dispatching still works:

Thu Feb 16 09:34:34 2012: DEBUG: EAP PEAP inner authentication request for anonymous
Thu Feb 16 09:34:34 2012: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <30><142><221><130>g<220><185>cI<189><138>Z<234>6*~
Attributes:
        EAP-Message = <2><12><0><2><13><0>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = 10.1.2.3
        NAS-Identifier = "nas.fqdn.net"
        NAS-Port = 13
        Calling-Station-Id = "00-21-6a-42-e8-46"
        User-Name = "anonymous"

Thu Feb 16 09:34:34 2012: DEBUG: Handling request with Handler 'Client-Identifier="wlancontroller", Called-Station-Id=/:SSID$/, TunnelledByPEAP=1', Identifier ''

Best regards, Alex

On 2012-02-15 19:40, Heikki Vatiainen wrote:
> On 02/15/2012 05:18 PM, Alexander Hartmaier wrote:
>
> Hello Alex,
>
>> The inner TLS packet is matched by
>> <Handler Client-Identifier="wlancontroller", TunnelledByPEAP=1>
>> but in case we want to have multiple SSIDs using PEAP-something we can't
>> distinguish the inner request because the Called-Station-Id isn't
>> included in the inner request.
>>
>> Is there an option which attributes get copied to the inner request packet?
> You can use PreHandlerHook. It is now documented in 4.9 ref.pdf too:
>
>   5.20.65 PreHandlerHook
>   For EAP types that carry inner requests (such as PEAP, TTLS, FAST
>   etc), specifies a Perl hook to be called before the inner request
>   is redispatched to a matching Realm or Handler.
>
>
> In the outer Handler do something like this:
>
> PreHandlerHook sub { \
>   my $tp = ${$_[0]}; \
>   $tp->add_attr('Called-Station-Id', \
>                 $tp->{outerRequest}->get_attr('Called-Station-Id')); \
>   };
>
> tp stands for tunnelled packet. It can be manipulated with
> PreHandlerHook from the outer Handler.
>
> Thanks!
> Heikki
>
>
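
The hook from the quoted reply, as an added example that is not part of the original thread and not Radiator's own code: a stand-alone Perl script that runs the same copy step against a stand-in packet class and shows the inner request matching a Called-Station-Id check only after the hook has run. MockPacket, inner_handler_matches, the sample Called-Station-Id value and the three guards in the hook are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimal stand-in for a request packet (NOT Radiator's own class); only the
# two methods used by the hook in this thread are modelled.
package MockPacket;
sub new      { my ($class, %a) = @_; return bless { attrs => [], %a }, $class }
sub add_attr { my ($s, $n, $v) = @_; push @{ $s->{attrs} }, [ $n, $v ]; return }
sub get_attr {
    my ($s, $n) = @_;
    for my $pair (@{ $s->{attrs} }) { return $pair->[1] if $pair->[0] eq $n }
    return;    # undef when the attribute is absent
}

package main;

# Hook body in the calling convention shown in the thread: $_[0] is a
# reference to the tunnelled (inner) packet. The guards are added here.
my $pre_handler_hook = sub {
    my $tp    = ${ $_[0] };
    my $outer = $tp->{outerRequest} or return;            # no outer request
    my $csid  = $outer->get_attr('Called-Station-Id');
    return unless defined $csid && length $csid;          # never add undef
    return if defined $tp->get_attr('Called-Station-Id'); # do not duplicate
    $tp->add_attr('Called-Station-Id', $csid);
    return;
};

# Stand-in for the Handler check Called-Station-Id=/:SSID$/ applied to the
# inner request (hypothetical helper, not Radiator's dispatcher).
sub inner_handler_matches {
    my ($p) = @_;
    my $csid = $p->get_attr('Called-Station-Id');
    return defined $csid && $csid =~ /:SSID$/ ? 1 : 0;
}

# Constructed sample packets: the outer request carries the SSID suffix,
# the inner request only has the anonymous User-Name.
my $outer = MockPacket->new;
$outer->add_attr('Called-Station-Id', '00-11-22-33-44-55:SSID');
my $inner = MockPacket->new(outerRequest => $outer);
$inner->add_attr('User-Name', 'anonymous');

print "before hook: ", inner_handler_matches($inner), "\n";
$pre_handler_hook->(\$inner);
print "after hook:  ", inner_handler_matches($inner), "\n";
```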

