Heikki,
Error Message in Trace 4 Debug: Mon Jan 28 12:55:02 2013 938128: DEBUG: Handling request with Handler 'OSC-Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i, Realm=/(uiowa\.edu$)/i ', Identifier '' Mon Jan 28 12:55:02 2013 939117: DEBUG: PreProcessing Hook: called. Mon Jan 28 12:55:02 2013 940237: DEBUG: Deleting session for [email protected], 127.0.0.1, Mon Jan 28 12:55:02 2013 941097: DEBUG: Handling with Radius::AuthLSA: Mon Jan 28 12:55:02 2013 942287: DEBUG: Handling with EAP: code 2, 6, 96, 25 Mon Jan 28 12:55:02 2013 943113: DEBUG: Response type 25 Mon Jan 28 12:55:02 2013 944861: DEBUG: EAP PEAP inner authentication request for Mon Jan 28 12:55:02 2013 946176: DEBUG: PEAP Tunnelled request Packet dump: Code: Access-Request Identifier: UNDEF Authentic: <209><152><247>m<197><187><210>K0f<22><146><134><204><2>{ Attributes: EAP-Message = <2><6><0><21><1>[email protected] Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" User-Name = "" Mon Jan 28 12:55:02 2013 948535: DEBUG: EAP result: 1, No Handler for PEAP inner authentication Mon Jan 28 12:55:02 2013 949427: DEBUG: AuthBy LSA result: REJECT, No Handler for PEAP inner authentication Mon Jan 28 12:55:02 2013 950295: INFO: Access rejected for [email protected]: No Handler for PEAP inner authentication Mon Jan 28 12:55:02 2013 951305: DEBUG: PostProcessing Hook: called. Mon Jan 28 12:55:02 2013 952703: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 51903 .... Code: Access-Reject Identifier: 10 Authentic: <240><146><195>;<236><146>?<168><11><218>K<7>a<203>ck Attributes: Reply-Message = "Request Denied" Note I tried adding: AddToRequest OSC-Client-Identifier=%{Client:Identifier} To the Outer Handler section, but it didn't work. Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: [email protected] On 1/28/13 1:36 PM, "Johnson, Neil M" <[email protected]> wrote: >Heikki, > >I'm having trouble with PEAP and TTLS authentication and using the >OSC-Client-Identifier attribute. > >I'm trying to use multiple <Handler> Requests with both the >OSC-Client-Identifier and TunneledByPEAP=1/TunneledByTTLS=1 selectors. > >It appears that when the Outer handler re-dispatches the request for >processing by the PEAP and TLS inner Handlers that the >OSC-Client-Identifier attribute is not also sent. > >Unless I have a "default" PEAP and TTLS Handler configured I get a "AuthBy >LSA result: REJECT, No Handler for PEAP inner Authentication" error. > >Thanks. >-Neil > >-- >Neil Johnson >Network Engineer >The University of Iowa >Phone: 319 384-0938 >Fax: 319 335-2951 >Mobile: 319 540-2081 >E-Mail: [email protected] > > > > > > >On 1/28/13 12:13 PM, "Heikki Vatiainen" <[email protected]> wrote: > >>On 01/28/2013 07:42 PM, Johnson, Neil M wrote: >> >>> Is there a way to pass the "Client-Identifier" to another RADIATOR >>> process ? Perhaps as an RADIUS Attribute ? >> >>There were already a number of good ideas, so I'll just suggest one >>attribute you could use. OSC-Client-Identifier has been in the >>dictionary for years, so that might be the easiest to use. No dictionary >>modifications needed provided you use version 4.0 or later. >> >>Something like this should do it: >> >> AddToRequest OSC-Client-Identifier=%{Client:Identifier} >> >>Thanks, >>Heikki >> >>-- >>Heikki Vatiainen <[email protected]> >> >>Radiator: the most portable, flexible and configurable RADIUS server >>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, >>NetWare etc. >>_______________________________________________ >>radiator mailing list >>[email protected] >>http://www.open.com.au/mailman/listinfo/radiator > >_______________________________________________ >radiator mailing list >[email protected] >http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
