Multiple instances of attribute in tunnelled reply

Alan DeKok aland at deployingradius.com
Wed Apr 23 10:15:30 CEST 2008


Arran Cudbard-Bell wrote:
> Hi,
> 
> We formulate our reply inside of the virtual server dealing with EAP and
> send it back to the outer server. This is the only way I could think of
> to insert the Inner identity into the Access-Accept.

	...
	update outer.reply {
		User-Name := "foo"
	}
	...

> It all works
> fine... however it seems there's a bug when dealing with multiple
> instances of the same attribute.

  Ah.... the code in "unlang" was fixed to correct this problem.  The
basic API used in the basic RADIUS library wasn't fixed.

  Ok... I'll take a look at it when I get back from my current trip.

> What's really weird is in the previous rounds of EAP, the attributes
> retain the += operator, it's only in the one where the EAP-Success
> message is returned where all the operators are stripped out.

  Yes.  "copy everything", versus "merge via operators".

  Alan DeKok.



More information about the Freeradius-Users mailing list