On 17 Nov 2011, at 19:15, Houston-III, Lester L wrote:

> Thanks for the responses.  I see that I need to devise a different way of 
> getting the data across.  At the very least I have the groundwork done with 
> EAP and maybe I can implement a VSA sometime later.
> 
> -----Original Message-----
> From: 
> freeradius-users-bounces+lester.l.houston-iii=boeing....@lists.freeradius.org 
> [mailto:freeradius-users-bounces+lester.l.houston-iii=boeing....@lists.freeradius.org]
>  On Behalf Of Alan DeKok
> Sent: Thursday, November 17, 2011 5:15 AM
> To: FreeRadius users mailing list
> Subject: Re: EAP-TLS Attributes
> 
> Houston-III, Lester L wrote:
>> Basically, I want to provide some data that's obtained from an external 
>> source to my VPN client that is made available to JRADIUS via FreeRADIUS.  I 
>> need this data to be available for the authorization phase because it will 
>> be used by JRADIUS for determining whether a user is authorized for access. 
>> I haven't gotten much information about the data that needs to be 
>> transmitted, but I was told that it's 20-30 bytes.
> 
>  EAP doesn't work like that. :(
> 
>  It's not a generic transport mechanism for sending data from point A
> to point B.  The data sent in EAP is defined by the protocol.  Nothing
> else is sent, and nothing else *can* be sent.

According to Alan, attributes included in the Diameter tunnel within EAP-TTLS 
are automatically converted into RADIUS attributes.
I honestly can't remember if TTLS allows for validation of the client 
certificate when setting up the TLS tunnel, but if it does, then that would 
probably be your best bet. If it doesn't, then you could always run EAP-TLS 
within EAP-TTLS which would be supported by FreeRADIUS without code 
modifications.

You would however have to modify the supplicant.

-Arran

Arran Cudbard-Bell
[email protected]

Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
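
The AVP-to-RADIUS mapping mentioned in the reply above, as an added example that is not part of the original thread and not FreeRADIUS code: it encodes attributes in the Diameter-style AVP layout that EAP-TTLS (RFC 5281) carries inside the TLS tunnel, then maps each one to a plain RADIUS attribute or a Vendor-Specific attribute. The user name, the 24-byte payload, enterprise number 32473 (reserved for documentation) and vendor type 1 are constructed values.

```python
import struct

FLAG_V = 0x80  # Vendor-ID field present

def encode_avp(code, data, vendor_id=None):
    """Encode one Diameter-format AVP as carried inside the EAP-TTLS tunnel."""
    hdr = 12 if vendor_id is not None else 8
    length = hdr + len(data)                      # padding is not counted
    out = struct.pack("!IB", code, FLAG_V if vendor_id is not None else 0)
    out += length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-length % 4)   # pad to a 4-octet boundary

def decode_avps(buf):
    """Return [(code, vendor_id, data)], rejecting truncated or bad lengths."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else None
        avps.append((code, vendor, buf[off + hdr:off + length]))
        off += length + (-length % 4)
    return avps

def to_radius(code, vendor_id, data):
    """Map one AVP to a RADIUS attribute: plain, or Vendor-Specific (type 26)."""
    limit = 253 if vendor_id is None else 247     # value must fit a 1-octet length
    if code > 255 or len(data) > limit:
        raise ValueError("not representable as a RADIUS attribute")
    inner = bytes([code, 2 + len(data)]) + data
    if vendor_id is None:
        return inner
    return bytes([26, 6 + len(inner)]) + struct.pack("!I", vendor_id) + inner

def demo():
    # Constructed sample: User-Name (1) plus a 24-byte vendor attribute.
    # 32473 is the documentation enterprise number; vendor type 1 is hypothetical.
    blob = bytes(range(24))
    tunnel = encode_avp(1, b"alice") + encode_avp(1, blob, vendor_id=32473)
    return tunnel, [to_radius(*avp) for avp in decode_avps(tunnel)]

if __name__ == "__main__":
    for attr in demo()[1]:
        print(attr.hex())
```

A 20-30 byte value fits comfortably in a single Vendor-Specific attribute, whose payload limit here is 247 octets.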
