[RADIATOR] Proxy'ing Client-Identifier to "slave" RADIUS processes

[Johnson, Neil M]

Heikki,

I'm having trouble with PEAP and TTLS authentication and using the
OSC-Client-Identifier attribute.

I'm trying to use multiple <Handler> Requests with both the
OSC-Client-Identifier  and TunneledByPEAP=1/TunneledByTTLS=1 selectors.

It appears that when the Outer handler re-dispatches the request for
processing by the PEAP and TLS inner Handlers that the
OSC-Client-Identifier attribute is not also sent.

Unless I have a "default" PEAP and TTLS Handler configured I get a "AuthBy
LSA result: REJECT, No Handler for PEAP inner Authentication" error.

Thanks.
-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu






On 1/28/13 12:13 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:

>On 01/28/2013 07:42 PM, Johnson, Neil M wrote:
>
>> Is there a way to pass the "Client-Identifier" to another RADIATOR
>> process ? Perhaps as an RADIUS Attribute ?
>
>There were already a number of good ideas, so I'll just suggest one
>attribute you could use. OSC-Client-Identifier has been in the
>dictionary for years, so that might be the easiest to use. No dictionary
>modifications needed provided you use version 4.0 or later.
>
>Something like this should do it:
>
> AddToRequest OSC-Client-Identifier=%{Client:Identifier}
>
>Thanks,
>Heikki
>
>-- 
>Heikki Vatiainen <hvn at open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator