Add FreeRADIUS-Proxied-To == 127.0.0.1 as a check item. Ivan Kalik Kalik informatika ISP
Dana 19/2/2008, "Gong Cheng" <[EMAIL PROTECTED]> piše: >Hi folks, > I am working on an issue like this: > >In my users file, I have > >user1 > attribute1=val1 > >user2 > attribute2=val2 > >DEFAULT > attribute1=def_val1 > attribute2=def_val2 > > > >My intention is that >- for individual users, like user1 and user2, I will get individual attributes >I specified in their dedicated entries, >- and for everybody else, I will get a default set of attributes. > >That has a problem with the 2-phase EAP methods like PEAP/EAP-TTLS. The reason >is, in the first phase, the outer Identity, say "anonymous", is used and it >hits the DEFAULT entry and acquires the default set of attributes, and then it >proceeds to phase 2 and acquires the individual attributes. In the end, >freeradius will combine the two together. > >So, for example, user1 will get > >attribute1=def_val1 >attribute2=def_val2 >attribute1=val1 > >Is there any way so that for the individual users won't acquire any attributes >from DEFAULT when using methods like PEAP/EAP-TTLS? > >A naive solution is to put a check of >DEFAULT User-Name != "anonymous" >..... > >but it is not a reliable way since there is no guarantee that the outer id is >"anonymous". > >I wonder if there is another way to check this in DEFAULT or if there is any >other different trick to do this? > >thanks! > >-gong >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
