Thats perfect, thanks phil, many thanks for the help. On Mon, Mar 7, 2011 at 1:19 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 07/03/11 12:18, paul smith wrote:
Thanks Phil, thats great works really well.
It has set me thinking about a variation though, using EAP-Message would mean that it wouldn't run if it had been through the default only, such as EAP-TLS. Is there something else I could use which would indicate if inner-tunnel had been used?
The only think I can think is to set a reply variable in the inner-tunnel, then check for it in the outer tunnel:
raddb/sites-enabled/inner-tunnel:
post-auth { update reply { My-Var = "inner-tunnel" } the-exec }
raddb/sites-enabled/default:
post-auth { if (reply:My-Var == "inner-tunnel") { } else { the-exec } }
raddb/dictionary:
ATTRIBUTE My-Var 3001 string
raddb/eap.conf:
eap { ... peap { ... use_tunneled_reply = yes } ttls { ... use_tunneled_reply = yes } } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html