3 May
2007
3 May
'07
3:49 p.m.
Matt Ashfield wrote:
Hi All I doubt my original post was doable, , it probably doesn't make sense to ask FR to be able to force Inner=Outer identity.
In that case, would it be possible to perform authorization based on the Inner identity instead of the Outer identity?
Sure. See the "copy_request_to_tunnel" (which you may need) and "use_tunneled_reply" (which you will need) config option on the particular EAP type you're using, and put something like this into play: DEFAULT Freeradius-Proxied-To == 127.0.0.1, Autz-Type = "INNER" ...then in authorize: authorize { preprocess files Autz-Type INNER { sql/ldap/files_2/whatever adds the vlan tag } }