I'm still not able to navigate through the values that the modules are holding. Are there any other pointers in regards to finding where EAP-Type is nested? I cannot figure out how to even access the EAP module from inside inner-tunnel.
Regards, Nathan Van Fleet Telecommunications Analyst Network Assessment and Integration IITS Concordia University (514) 848-2424 Extension:5434 > -----Original Message----- > From: freeradius-users- > [email protected] > [mailto:freeradius-users- > [email protected]] On Behalf Of > Arran Cudbard-Bell > Sent: Tuesday, September 15, 2009 4:18 PM > To: FreeRadius users mailing list > Subject: Re: Using Attributes to differentiate between different EAP types > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 15/09/2009 20:57, Nathan McDavit-Van Fleet wrote: > > Hrmm, > > > > Now that it's parsing I find that it doesn't work in terms of actually > > evaluating the EAP-Type. > > > > For if (control.EAP-Type==21) and (outer.control.EAP-Type==21) I always > get > > a false even though I am testing for TTLS (21). > > Erm... What.. > > if("%{control:EAP-Type}" == '21') > > if("%{outer.control:EAP-Type}" == '21') > > The list/attribute separator has always been a colon. Alan did some work > to make naked variable expansion work, but I still generally stick to the > double quoted curly braces consistency, or munging > variables together. > > Don't worry about mixing types, the server just looks at the attribute > type when doing conversions. > > > > > Is there some way to just have the value thrown into the debug output so > I > > can see what it is at that moment? > > > > Yes > > update request { > Tmp-String-0 := "%{outer.control:EAP-Type}" > } > > > Pretty sure you'll also have to have the 'Proxy as EAP' option set in the > outer tunnel to get the inner EAP type... Else just insert a policy at the > end of the authorize{} section in the inner tunnel > to look at control:Auth-Type... > > Oh and remember to include cases for Identity-Responses and NAKs else > you'll break things in weird and interesting ways :) > > - -Arran > > > > > >> -----Original Message----- > >> From: freeradius-users- > >> [email protected] > >> [mailto:freeradius-users- > >> [email protected]] On Behalf Of > >> Nathan McDavit-Van Fleet > >> Sent: Tuesday, September 15, 2009 1:05 PM > >> To: 'FreeRadius users mailing list' > >> Subject: RE: Using Attributes to differentiate between different EAP > types > >> > >> Okay, > >> > >> Probably everone but me knew this but" > >> If(blah == blah2) > >> { > >> > >> Doesn't work. > >> > >> You have to do > >> > >> If(blah == blah2) { > >> > >> So no returns for the first curly bracket or it won't parse out. > >> > >> Sorry, > >> > >> Nathan Van Fleet > >> > >>> -----Original Message----- > >>> From: freeradius-users- > >>> [email protected] > >>> [mailto:freeradius-users- > >>> [email protected]] On Behalf Of > >>> Ivan Kalik > >>> Sent: Tuesday, September 15, 2009 12:13 PM > >>> To: FreeRadius users mailing list > >>> Subject: RE: Using Attributes to differentiate between different EAP > >> types > >>> > >>>> I'm trying the following code, I've tried most every variation > >>>> ("request:EAP-Type", "request.EAP-Type","EAP-Type","outer.EAP-Type".) > >>> but > >>>> freeradius does not even parse the configuration. I've tried %{} and > >>> just > >>>> the bare variables (which works for "outer.NAS-IP-Address"). > >>> > >>> It's the internal attribute (for local server use), so it should be on > >> the > >>> control list (control.EAP-Type). > >>> > >>> Ivan Kalik > >>> Kalik Informatika ISP > >>> > >>> - > >>> List info/subscribe/unsubscribe? See > >>> http://www.freeradius.org/list/users.html > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - -- > Arran Cudbard-Bell <[email protected]>, > Systems Administrator (AAA), > Infrastructure Services (IT Services), > E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT > DDI+FAX: +44 1273 873900 | INT: 3900 > GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkqv9mIACgkQcaklux5oVKL1RQCaA+QcE47BGJVD/8QbIaRGmguN > dpcAn1MC+D/xzXKhfxJUcIjwQewl360d > =Kh5N > -----END PGP SIGNATURE----- > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
