Re: force eap-type

Wed, 23 Feb 2005 04:30:24 -0800 

On Wed, 23 Feb 2005, Marc-Henri Boisis-Delavaud wrote:

In fact I want to associate eap-type to the private-group-id attribute like this
if private-group-id==1
then EAP-Type=EAP-TTLS

if private-group-id==1
then EAP-Type=EAP-PEAP

but users file is not read between authorize and authenticate 


YES it does!

How can I do ?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras        Network Operations Center
[EMAIL PROTECTED]    National Technical University of Athens, Greece
Work Phone:        +30 210 7721861
'Go back to the shadow'    Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 

I have write this in users:
DEFAULT Tunnel-Private-Group-ID == "1",EAP-Type := EAP-TLS


Tunnel-Private-Group-ID is a request item in this case


And this in radiusd.conf:
authorize {
      ldap        files
      eap
  }
authenticate {
  eap
}

and this is the return:

rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-ID, value 1 & op=11 

That's a reply item.

rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value IEEE-802 & op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
rlm_ldap: user mdelavau authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 10
modcall[authorize]: module "files" returns notfound for request 10

...and the users file does not match. I would suggest using the new rlm_policy. Something like:

policy authorize {
        if (%{reply:Tunnel-Private-Group-ID} == "1"){
                control .= {
                        EAP-Type = EAP-TLS
                }
        }
}

modcall: group authorize returns updated for request 10
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap

As we can see no match on users apears .....?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to