Arran Cudbard-Bell wrote: ...
Autz-Type eap-internal { mschap # Grab NT-Password from directory for use in MSChap-V2 ldap # Read Authorisation groups from SQL Server sql }
Which speeds things up a great deal when doing EAP...
In the CVS head, I'm looking into adding a "tunnel is ready for credentials" flag inside of the EAP module. It will normally return "updated" during ssl setup, and "ok" when the current packet needs authentication credentials.
Unfortunately this breaks anything which relies on Packet-Src-IP-Address / Client-IP-Address
As they will be 127.0.0.1 *sigh*
Can you see any way of getting round this ?
Hmm.... src/main/util.c has request_alloc_fake(), which initializes the tunneled request. It may be worth changing it to copy the outer tunnel source/dest IP's and ports. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog