2012/6/6 Matthew Newton <mcn4@leicester.ac.uk>:
On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote:
I've added this files because I like to separate logs when supplicants are using PEAP or TTLS
I'd still use just one file, and filter the logs instead.
Is there a better way of doing that?
There may be several ways. The first one that comes to mind is just pulling the EAP type out of the EAP-Message attributes.
PEAP connections will have an EAP-Message attribute that matches the regexp /^0x........19/, whereas TTLS connections will match /^0x........15/.
Alternatively, and probably easier in the long run, add %{EAP-Type} to linelog, so you get the name directly in your logs. Add it in the outer, and you'll see TTLS or PEAP. Add it in the inner, and you'll see the inner EAP type, such as MS-CHAP-V2.
Good idea, I've tried appending %{EAP-Type) that to detail.log but sending nothing eg: auth-detail-AP-XXX-DEFAULT--20120606 Between "-" and "-" is nothing (Neither TTLS nor PEAP appears)
I want to learn. Sorry but I repeat the question how a module is added? because "files" is statament is present on both files /etc/raddb-testing/sites-enabled/inner-tunnel-peap and /etc/raddb-testing/sites-enabled/inner-tunnel
Apologies - you're right, it is being called.
++[files] returns noop
:-)
Add 'preprocess' to the top of the authorize{} section in your inner-tunnel-peap / inner-tunnel files. That's the module that checks huntgroups.
Thanks guys it dit it! I just realize that modules must be appended in inner-tunnel files to load them :) TIA
Cheers,
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> -
-- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org