On 05/23/2011 12:46 PM, Roel Hoek wrote: > We are in a process of migrating our radius servers to another host. On > the old host we are running Radiator 3.17.1. On de new host we run 4.8 > > On the old server we make use of TunnelledByTTLS=0 to differentiate > between inner (TTLS,PEAP) and outer EAP authentication.:
You are correct, somewhere between 3.17.1 and 4.8 Handler check changed. Note that even with 3.17.1 TunnelledByTTLS was never 0. It was either not defined at all (undef) or had a value that was larger than 0. So it was a bit incorrect to make the implication that if TunnelledByTTLS can be 1, it can also be 0. The solution you have found (reorder handlers and remove TunnelledByTTLS=0) is correct and will work also with older versions including 3.17.1. Thanks for highlighting this change! Heikki > <Handler Realm=fake.net, > Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=0> > <AuthBy FILE> > EAPType TTLS,PEAP > > EAPTLS_CAFile /etc/radiator/pki/CAs/661141457_chain.pem > . > . > . > </AuthBy> > </Handler> > > <Handler Realm=/fake.net/, > Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=1> > . > . > </Handler> > > > <Handler Realm=/fake.net/, > Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByPEAP=1> > . > . > </Handler> > > It looks like TunnelledByTTLS is not set anymore and the right handler > can not be selected. > > The problem can easily solved by changing the Handler order and remove > Handler check attribute TunnelledByTTLS=0. > > > _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
