Heikki, I'm having trouble with PEAP and TTLS authentication and using the OSC-Client-Identifier attribute.
I'm trying to use multiple <Handler> Requests with both the OSC-Client-Identifier and TunneledByPEAP=1/TunneledByTTLS=1 selectors. It appears that when the Outer handler re-dispatches the request for processing by the PEAP and TLS inner Handlers that the OSC-Client-Identifier attribute is not also sent. Unless I have a "default" PEAP and TTLS Handler configured I get a "AuthBy LSA result: REJECT, No Handler for PEAP inner Authentication" error. Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: [email protected] On 1/28/13 12:13 PM, "Heikki Vatiainen" <[email protected]> wrote: >On 01/28/2013 07:42 PM, Johnson, Neil M wrote: > >> Is there a way to pass the "Client-Identifier" to another RADIATOR >> process ? Perhaps as an RADIUS Attribute ? > >There were already a number of good ideas, so I'll just suggest one >attribute you could use. OSC-Client-Identifier has been in the >dictionary for years, so that might be the easiest to use. No dictionary >modifications needed provided you use version 4.0 or later. > >Something like this should do it: > > AddToRequest OSC-Client-Identifier=%{Client:Identifier} > >Thanks, >Heikki > >-- >Heikki Vatiainen <[email protected]> > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, >NetWare etc. >_______________________________________________ >radiator mailing list >[email protected] >http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
