Hi Phil, Thanks for your reply. Please see below.
On 07/11/11 16:24, Panagiotis Georgopoulos wrote:
Hello all,
I have a policy in my post-auth that calculates a hash function based on the real-identify of the user. The idea is that if the request is EAP-TTLS then I want to use the User-Name property of the inner tunnel, whereas if the request is for EAP-TLS I want to use the BUF-Name (if I've got it correctly).
BUF-Name is not a standard attribute.
You are right, I just "grabbed" that from the debug output. I guess TLS-Client-Cert-CN is far more appropriate.
How do I determine in my policy whether we are doing EAP-TLS or EAP-TTLS? Can anyone help with that 'if' I am looking for?
I'm not clear on exactly what you want. Perhaps you could explain in more detail?
Possibly something like:
post-auth {
if (EAP-Type == EAP-TTLS) { update reply { My-Hash := "%{md5:%{reply:User-Name}}" } }
elsif (EAP-Type == EAP-TLS) { update reply { My-Hash := "%{md5:%{TLS-Cert-Subject}}" } }
}
...is what you're looking for?
This is exactly what I was looking for! I didn't know that 'EAP-Type' holds the authentication type. That will do the job. Thanks a lot, Panos