On 30/05/18 17:15, Dom Latter wrote:
On 30/05/18 17:07, Alan Buxey wrote:
Just use inland to copy the stuff to outer: when in inner. The default inner-tunnel had such an example
Yes, the copying back works as long as the inner-tunnel authentication works. If the user is rejected then the username does not get passed back, although the failure message does.
I put this in the inner tunnel post-auth section: update outer.session-state { &User-Name = &User-Name } mods-enabled/linelog has something like: Access-Accept = "%S %{reply:Packet-Type} %{%{session-state:User- Name}:-%{%{reply:User-Name}:-%{request:User-Name}}} %{Calling- Station-Id} <snip the rest> mods-config/sql/main/mysql/queries.conf has sql_user_name = "%{%{session-state:User-Name}:-%{%{reply:User-Name}:-% {request:User-Name}}}" and that seems to more or less do the job. The SQL query that is part of the post-authentication in the "outer" layer now uses: WHERE u.username = '%{%{reply:User-Name}:-%{request:User-Name}}' which again seems fine. I read something in the list archive about it being a bad idea to use "use_tunneled_reply" when using mschapv2 - should I worry about this?