On 28/04/15 12:09, Arran Cudbard-Bell wrote:
On 28 Apr 2015, at 10:36, Herwin Weststrate <herwin@quarantainenet.nl> wrote:
On 28-04-15 11:28, Gerald Vogt wrote:
debug output is usually so long...
The inner-tunnel contains these three lines at the beginning of the authorize section:
update request { Called-Station-SSID := &outer.Called-Station-SSID }
This is debug output of one request until before the inner eap. I suppose it contains everything to show that the copy doesn't work...
I've always used the following syntax:
update request { Called-Station-SSID := &outer.request:Called-Station-SSID }
Mind the extra "request:"
It shouldn't matter, the default list should be request.
If outer.Called-Station-SSID doesn't work and outer.request:Called-Station-SSID doesn't, then it's a bug.
Both outer.Called-Station-SSID and outer.request:Called-Station-SSID show the same when used in the above "update request" section. I don't get the SSID into the inner tunnel. So any other idea how to get this attribute from the default server into the inner tunnel?? Thanks, Gerald On a sidenote: looking at RFC 3580 I have noticed that rewrite_called_station_id is not following the RFC recommendation. The RFC says: 3.20. Called-Station-Id For IEEE 802.1X Authenticators, this attribute is used to store the bridge or Access Point MAC address in ASCII format (upper case only), with octet values separated by a "-". Example: "00-10-A4-23-19-C0". In IEEE 802.11, where the SSID is known, it SHOULD be appended to the Access Point MAC address, separated from the MAC address with a ":". Example "00-10-A4-23-19-C0:AP1". Thus stripping the SSID from Called-Station-Id is not what is recommended as "SHOULD". And I don't really see "valid reasons in particular circumstances to ignore" this recommendation either. IMHO, rewrite_called_station_id should keep the SSID in place.