[RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

Christian Kratzer ck-lists at cksoft.de
Tue Feb 24 05:12:33 CST 2015

Hi Sami,

We made progress with our setup thanks to your previous tips.

We now have following setup simplyfied a bit:

     <Handler TunnelledByPEAP=1>
 	    Identifier TunnelledByPEAP=1
 	    AuthByPolicy ContinueWhileAccept
 	    AuthBy SQLauthenticate
 	    AuthBy INTERNALextractFunnyStuffFromRequest
 	    AuthBy SQLauthorize

 	    Identifier Outer
 	    AuthBy FILE

the issue we are currently chasing is that the customer also wants
failed authentications to proceed into SQLauthorize so he can possible
put people into a walled garden with specific reply attributes.

The issue seems to be that when MS-CHAP2 fails in TunneledByPeap it
seems to kill the EAP session and authentication terminates.

Subsequent packets are not forwarded to the tunneled handler by the
outer handler.

Do you have a suggestion how to accomplish authorization after failed
chap authentication.


Christian Kratzer                   CK Software GmbH
Email:   ck at cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/

More information about the radiator mailing list