On Aug 29, 2016, at 5:34 AM, Tim Baledorion <timbaledorion@hotmail.com> wrote:
I will try to rephrase my question according to your advices.
I asked you to explain what you meant by "node" and "node identifier". You haven't done that.
To authenticate host in a network i'm using a Proxy Radius chain. The first element of this chain is named a Node and has a node identifier.
What is a "node identifier" ?
Host are connecting to the network via NAS and the Radius Server configured in the NAS is the node radius.
The host and the NAS don't know about the node identifier.
You've just giving the same explanation as the previous message. Why do you think this is a good idea?
I have add a node file under /etc/raddb/policy.d/ and invoked it in /etc/raddb/sites-available/default
node.pre-proxy { if ("%{request:Packet-Type}" == 'Access-Request') { update proxy-request { &NET-NodeID == "ndid-00000001"
Where is that attribute defined? If you edited raddb/dictionary, did you *READ* the comments in that file?
but when using PEAP-MSCHAPv2 authentication model the NET-NodeID item doesn't appear in the Access-Request sent to the inner-tunnel.
Is it supposed to be there? Why do you think it's supposed to be there? A proxy *cannot* modify the data inside of a TLS tunnel. TLS is designed to prevent this...
I join the file containing the full authentication log for a request coming from node with identifier ndid-00000001 in NET-NodeID
Don't attach the debug log. Include it in the message. And PLEASE follow instructions. It's "radiusd -X", not "radiusd -Xx", or "radiusd -xxxxxxxx".
Once again thank you for your support. I did my best to answer your request and give you a better view. Let me know if it is not enough.
Read the documentation and follow it. That helps a lot. Alan DeKok.