Using EXEC authentication sources

Alan DeKok aland at deployingradius.com
Fri Oct 4 15:29:36 CEST 2019


On Oct 4, 2019, at 9:21 AM, Nate . <nate2077developer at gmail.com> wrote:
> 
> The Calling-Station-ID shows up in the outer portion, eap & "default", but
> not the inner-tunnel. I just don't understand how I'm supposed to set a
> custom variable to pass to the inner tunnel for use like this.

  You don't.  You read "man unlang", which tells you how to reference an outer attribute from the inner-tunnel.  Instead of

	Calling-Station-Id

do

	outer.request:Calling-Station-Id

  There examples of this kind of thing all through the default configuration files, including "inner-tunnel".

> I'll have to look at the python module when I have the free time, sounds
> much nicer than what I'm being told to do.. I'm required to use PHP for
> this job, so I can't just go with the python module unless it was
> warranted unfortunately. I've expressed my concerns about the security of
> this method, but they do not care and want it done this way. Their argument
> is that the server will be locked down with hardware only access once it is
> completed. My task is simply to collect the user login and device identity,
> passing it onto their secondary system for processing, then it will respond
> with Ok or Fail.

  Exec also has performance issues.  But if they prefer PHP to Python, they don't care about that either.

  Alan DeKok.




More information about the Freeradius-Users mailing list