This is a discussion on Re: force eap-type within the FreeRADIUS Users forums, part of the Networking and Network Related category.

On Wed, 23 Feb 2005, Marc-Henri Boisis-Delavaud wrote:
>>> In fact I want to associate eap-type to the private-group-id attribute
>>> like this
>>> if private-group-id==1
>>> then EAP-Type=EAP-TTLS
>>>
>>> if private-group-id==1
>>> then EAP-Type=EAP-PEAP
>>>
>>> but users file is not read between authorize and authenticate
>>
>>
>> YES it does!
>>
>>> How can I do ?
>>>
>>> - List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>> --
>> Kostas Kalevras Network Operations Center
>> kkalev@noc.ntua.gr National Technical University of Athens, Greece
>> Work Phone: +30 210 7721861
>> 'Go back to the shadow' Gandalf
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> I have written this in users:
> DEFAULT Tunnel-Private-Group-ID == "1",EAP-Type := EAP-TLS

Tunnel-Private-Group-ID is a request item in this case

>
> And this in radiusd.conf:
> authorize {
>     ldap files
>     eap
> }
> authenticate {
>     eap
> }
>
> and this is the return:
>
> rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-ID, value
> 1 & op=11

That's a reply item.

> rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value IEEE-802
> & op=11
> rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
> rlm_ldap: user mdelavau authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 10
> modcall[authorize]: module "files" returns notfound for request 10

....and the users file does not match. I would suggest using the new rlm_policy.
Something like:

policy authorize {
    if (%{reply:Tunnel-Private-Group-ID} == "1"){
        control .= {
            EAP-Type = EAP-TLS
        }
    }
}

> modcall: group authorize returns updated for request 10
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 10
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
>
> As we can see no match on users appears .....?
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
kkalev@noc.ntua.gr National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
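
Added example (not part of the original thread, and not FreeRADIUS code): a small Python triage script that reads the debug lines quoted in the message above and reports the diagnosis given in the reply, namely that "files" returned notfound because the attribute was added by rlm_ldap as a reply item, so PEAP was processed instead of the intended type. The function names and the expected-type string "tls" are assumptions made for this illustration.

```python
import re

# Debug lines taken from the message above, with the mail line-wraps rejoined.
SAMPLE_DEBUG = """\
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-ID, value 1 & op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value IEEE-802 & op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
rlm_ldap: user mdelavau authorized to use remote access
modcall[authorize]: module "ldap" returns ok for request 10
modcall[authorize]: module "files" returns notfound for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
rlm_eap: EAP/peap
rlm_eap: processing type peap
"""

LDAP_ADD = re.compile(r'^rlm_ldap: Adding \S+ as (\S+), value (.+?) & op=\d+$')
MODCALL = re.compile(r'^modcall\[authorize\]: module "([^"]+)" returns (\w+) for request \d+$')
EAP_TYPE = re.compile(r'^rlm_eap: processing type (\S+)$')

def summarize(debug_text):
    """Collect what each authorize module returned and which EAP type ran."""
    out = {"ldap_attrs": {}, "authorize": {}, "eap_type": None}
    for line in debug_text.splitlines():
        line = line.strip()
        if m := LDAP_ADD.match(line):
            out["ldap_attrs"][m.group(1)] = m.group(2)
        elif m := MODCALL.match(line):
            out["authorize"][m.group(1)] = m.group(2)
        elif m := EAP_TYPE.match(line):
            out["eap_type"] = m.group(1)
    return out

def findings(summary, expected_eap, users_attr):
    """Explain why the EAP type forced in the users file did not take effect."""
    notes = []
    if summary["authorize"].get("files") == "notfound":
        notes.append("files: no users entry matched")
        if users_attr in summary["ldap_attrs"]:
            # Per the reply above: rlm_ldap adds this as a reply item,
            # while the users check item is matched against the request.
            notes.append(f"{users_attr} came from rlm_ldap (reply item), not the request")
    if summary["eap_type"] != expected_eap:
        notes.append(f"EAP type processed: {summary['eap_type']}, expected {expected_eap}")
    return notes

if __name__ == "__main__":
    for note in findings(summarize(SAMPLE_DEBUG), "tls", "Tunnel-Private-Group-ID"):
        print(note)
```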