On Wed, Aug 28, 2013 at 03:46:53PM +0100, Arran Cudbard-Bell wrote:
> OK. Just wondering if you could really get it down to a single lookup, IIRC
> you needed the 'known good' NT-Password data for a couple of rounds of
> MSCHAPv2?
with
if ( (EAP-Type == Identity) || (EAP-Type == NAK) || (EAP-Message =~ /^0x02..00061a..$/) ) {
    default = return
}
The only lookup happens on the pass just above the ^EAP-TLS message. Each
^Authorize: line is one Access-Request. The others are Identity, NAK or empty
EAP-Response 0x02..00061a..
Authorize: User=test EAP-Type=Identity Packet-Type=Access-Request Proxy= VIRT=default
Authorize: User=test EAP-Type=Identity Packet-Type=Access-Request Proxy=LOCAL VIRT=inner-tunnel
Authorize: User=test EAP-Type=NAK Packet-Type=Access-Request Proxy=LOCAL VIRT=inner-tunnel
Authorize: User=test EAP-Type=MS-CHAP-V2 Packet-Type=Access-Request Proxy=LOCAL VIRT=inner-tunnel
EAP-TLS: User=test EAP-Type=MS-CHAP-V2 outer.EAP-Type=PEAP EAP-Message=0x0209004... Packet-Type=Access-Request Proxy=LOCAL VIRT=inner-tunnel
Authorize: User=test EAP-Type=MS-CHAP-V2 Packet-Type=Access-Request Proxy=LOCAL VIRT=inner-tunnel
Post-Auth: User=test EAP-Type=MS-CHAP-V2 EAP-Message=0x030a0004 Packet-Type=Access-Accept, VIRT=inner-tunnel
Post-Auth: User=test EAP-Type=PEAP EAP-Message=0x030b0004 Packet-Type=Access-Accept, VIRT=default
Post-Auth: User=test EAP-Type=PEAP EAP-Message=0x030b0004 Packet-Type=Access-Accept, VIRT=default
mk
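
Added example (not part of the original message and not FreeRADIUS code): a Python decoder that applies the condition above to raw EAP-Message values and reports which inner-tunnel responses return before the password lookup. The sample packets are constructed with zeroed challenge data, the helper names are hypothetical, and it assumes EAP-Type mirrors the type byte of the EAP packet.

```python
import re

# Pattern from the unlang condition above, applied to the hex form of EAP-Message.
SHORT_MSCHAP_RESPONSE = re.compile(r"^0x02..00061a..$")
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "NAK", 25: "PEAP", 26: "MS-CHAP-V2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}


def build(code, ident, payload=b""):
    """Hypothetical helper: assemble a constructed EAP packet as 0x-prefixed hex."""
    length = (4 + len(payload)).to_bytes(2, "big")
    return "0x" + (bytes([code, ident]) + length + payload).hex()


def parse_eap(hex_msg):
    """Decode the EAP header, the type byte and (for MS-CHAPv2) the opcode."""
    raw = bytes.fromhex(hex_msg[2:])
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("truncated packet or bad length field")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "length": len(raw), "type": None, "opcode": None}
    # Success/Failure are header-only; Request/Response carry a type byte.
    if raw[0] in (1, 2) and len(raw) >= 5:
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 26 and len(raw) >= 6:
            pkt["opcode"] = MSCHAP_OPCODES.get(raw[5], raw[5])
    return pkt


def skips_lookup(hex_msg):
    """True when the condition above returns before the password lookup."""
    pkt = parse_eap(hex_msg)
    return (pkt["type"] in ("Identity", "NAK")
            or bool(SHORT_MSCHAP_RESPONSE.match(hex_msg)))


# Constructed inner-tunnel responses (zeroed challenge data, not from the log above).
MSCHAP_RESPONSE = b"\x1a\x02\x02" + (58).to_bytes(2, "big") + b"\x31" + bytes(49) + b"test"
SAMPLES = {
    "identity": build(2, 0, b"\x01test"),
    "nak": build(2, 1, b"\x03\x1a"),
    "mschap-response": build(2, 2, MSCHAP_RESPONSE),
    "mschap-ack": build(2, 3, b"\x1a\x03"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:16} skip_lookup={skips_lookup(msg)} {parse_eap(msg)}")
```

Only the full MS-CHAPv2 Response, the packet carrying the NT-Response, falls through to the lookup; the 6-byte response matched by the regex carries nothing but an opcode.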