On 28/04/15 14:07, Alan DeKok wrote:
On Apr 28, 2015, at 7:36 AM, Gerald Vogt <vogt@spamcop.net> wrote:
The default server has the Called-Station-Id attribute, it does correctly extract the SSID from the Id and it correctly puts it into the Called-Station-SSID. I even do some checks in unlang based on that SSID in the outer server and they show results as expected.
Hmm... the TTLS / PEAP code only copies over RADIUS *protocol* attributes. It doesn't copy anything else. I suppose that should be documented better.
So I suppose in that context the attribute exists. But it doesn't go into the inner tunnel. Neither by means of the eap module copy_request_to_tunnel=yes nor by the added "update request" in the inner tunnel.
You should be able to do:
update request { Called-Station-SSID := &outer.request:Called-Station-SSID }
It doesn't work. I have tried that and update request { Called-Station-SSID := &outer.Called-Station-SSID } at the beginning of the inner-tunnel authorize section and neither gets any value in the inner tunnel.
If that doesn't work, it's likely a bug.
So it's a bug, I guess.
Yes. I know that. That's how I did it in the beginning. My own "ssid" policy does not modify Called-Station-Id and thus I could extract the SSID in the inner tunnel as well.
Just run the policy in the inner tunnel, not the outer one.
I need the SSID in the outer server, too. So I guess it's back to square one and I better use my own policy which simply extracts the SSID. That policy I can use on both servers... -Gerald