Good point, I'll back up a little. The EAP type I'm working on is EAP-SIM, currently in draft state. After EAP/Response/Identity I send EAP/Request/SIM/Start, and the client returns EAP/Response/SIM/Start. My next step is to send EAP/Request/SIM/Challenge, but first I need to get a configurable amount of authentication data from an HLR. That is, rlm_eap_sim needs to know how much data to ask for. At first I thought I needed to allow the amount of data to be configured per client realm (my first question earlier), but after doing some more homework it's probably OK to configure it per node (my second question). I'm still curious if it's possible to add new config parameters to a client entry in clients.conf. (proxy.conf looks unnecessary now.) Let me know if you have another suggestion for that kind of behavior. As for adding a new parameter to radiusd.conf, I can study EAP-TLS to see how that works.
Thanks,
Dave
Alan DeKok wrote:
Dave Mason <[EMAIL PROTECTED]> wrote:
I have two questions about adding new attributes to configuration data.
1) I would like to be able to add my own attributes to the realm entries in clients.conf and proxy.conf. Is this possible?
Sure, if you edit the source code. But why would it be a good idea?
What I have in mind would look something like this, for clients.conf:
    client some.host.org {
        secret = testing123
        shortname = localhost
        myAttribute = someValue
    }
Then I would need a way to read that from within an RLM module, in my case an EAP sub-module.
You're talking about a solution, not a problem. Describe the problem, and we can probably come up with a better solution.
2) To implement my new EAP type, I may also need to define a config parameter in radiusd.conf that would apply to all authentication sessions at that RADIUS server for that EAP type.
That's what the module configuration is for.
That's nice, but what problem are you trying to solve?
It appears EAP-TLS already does this, but a quick checklist of things to implement would help. My radiusd.conf would look like this:
    eap {
        default_eap_type = newType
        timer_expire = 60
        md5 {
        }
        newType {
            newAttribute = someValue
        }
    }
Alan DeKok.
