[RADIATOR] Perl expressions

Heikki Vatiainen hvn at open.com.au
Wed Oct 23 15:24:02 CDT 2013

On 10/23/2013 08:14 PM, Michael Hulko wrote:

> Thanks for the clarification... I was able to do as suggested.  However,
>  I am finding that evaluating check items in Handlers using Vendor VSAs
>  are a hit or miss.

There should not be any difference in Vendor and IANA (non-Vendor)
attributes. Both are looked up and treated the same when e.g, choosing
the Handler.

> I have in my config...
> <Handler Client-Identifier = ONCAMPUS, Aruba-Port-Identifier =
> <controller-address>:0/11>  ----->  This works fine !
> <Handler TunnelledByPeap=1, Client-Identifier=ONCAMPUS, Realm=uwo.ca>
>  --------> This works fine !
> <Handler TunnelledByPeap=1, Client-Identifier=ONCAMPUS, Realm=uwo.ca,
> Aruba-Essid-Name=<ssid of choice> ------->  FAILS !!!

The reason here is likely that nothing adds Aruba-Essid-Name in the
inner request. If you watch Trace 4 log, you can see what goes in the
request describing the tunnelled request. Some basic attributes go, but
VSAs by default do not.

This one-liner in the outer AuthBy should help:

PreHandlerHook sub {my $p = ${$_[0]}; $p->add_attr('Aruba-Essid-Name',

The trace 4 log should now show that the tunnelled request has

Apparently Aruba-Port-Identifier was in the Handler that picks up the
request from the NAS, not inner request?

> My dictionary file has all the Aruba VSA's defined..
> other testing shows that it works with Some VSA's but not all...

Maybe the ones that did not work are handlers for inner requests?


Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list