On 07/03/11 12:18, paul smith wrote:
Thanks Phil, thats great works really well.
It has set me thinking about a variation though, using EAP-Message would mean that it wouldn't run if it had been through the default only, such as EAP-TLS. Is there something else I could use which would indicate if inner-tunnel had been used?
The only think I can think is to set a reply variable in the inner-tunnel, then check for it in the outer tunnel: raddb/sites-enabled/inner-tunnel: post-auth { update reply { My-Var = "inner-tunnel" } the-exec } raddb/sites-enabled/default: post-auth { if (reply:My-Var == "inner-tunnel") { } else { the-exec } } raddb/dictionary: ATTRIBUTE My-Var 3001 string raddb/eap.conf: eap { ... peap { ... use_tunneled_reply = yes } ttls { ... use_tunneled_reply = yes } }