EAP authentication and DHCP
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Sep 27 18:00:04 CEST 2015
> On 27 Sep 2015, at 11:16, HernĂ¡n Freschi <hjf at hjf.com.ar> wrote:
>
> On Sun, Sep 27, 2015 at 11:13 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
>>
>>> By default the post-auth module writes two
>>> records to the radpostauth table: one, from the anonymous identity with the
>>> Calling-Station-ID set to the MAC address, and another, for the tunneled
>>> identity, with an empty calling ID.
>>
>> You can fix that by editing the configuration files. That's why they're text.
>
> Right now the rule I'm using is " if (!request:Calling-Station-Id ) "
> which seems to work for my AP, but is there a better attribute i
> should be matching on? Some sort of
> "This-Is-An-Internal-Tunnel-EAP-Request==Yes" ?
>
> Or better yet: how can I dump the attributes in a request when debugging?
"%{debug_attr:request:}"
In >= v3.0.x
It's not possible in v2.
Also if you're using v3 you can use the cache module to store various attributes and share them between the two protocols (assuming you're using FreeRADIUS for DHCP).
If this is on a local network without you may want to look at use v3.1.x.
v3.1.x now works correctly with broadcast DHCP packets with no additional configuration. The previous versions (2.2.x, v3.0.x) required you to specify the src_ipaddr of the server in the listen section, or specify it at runtime using various attributes.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150927/d3df12a6/attachment.sig>
More information about the Freeradius-Users
mailing list