Vendor attributes not copied to inner tunnel ?
Hi, I'm in a PEAP setup and trying to match the SSID as part of the group_checks. This is an example request coming in : (17) Received Access-Request Id 59 from 192.168.10.237:1645 to 192.168.10.1:1812 length 201 (17) User-Name = "test_pwd_1" (17) Framed-MTU = 1400 (17) Called-Station-Id = "0000.0000.0000" (17) Calling-Station-Id = "0000.0000.0000" (17) Cisco-AVPair = "ssid=TestMain" (17) Service-Type = Login-User (17) Message-Authenticator = XXX (17) EAP-Message = XXX (17) NAS-Port-Type = Wireless-802.11 (17) NAS-Port = 542 (17) NAS-Port-Id = "542" (17) State = XXX (17) NAS-IP-Address = 192.168.10.237 As you can see, there is the ssid the user tries to connect to that's included as an Cisco-AVPair and I wanted to be able to match on it Unfortunately it turns out the this attribute is apparently not copied from the outer request to the inner one, despite copy_request_to_tunnel being set to true. I tried parsing it in the default authorize {} using : if (Cisco-AVPair[*] =~ /ssid=(.*)/i) { update request { Called-Station-SSID := "%{1}" } } Hoping that Called-Station-SSID would then be copied. However it's not copied either. Finally I tried adding this in the inner-tunnel authorize {} if (&outer.request:Called-Station-SSID) { update request { &Called-Station-SSID := &outer.request:Called-Station-SSID } } And this indeed seems to work and I can match on it. However I have a couple questions : - Why wasn't the Cisco-AVPair and/or the Called-Station-SSID attributes copied ? Other attrs like Service-Type / Called-Station-Id / ... all are copied properly. - Does it look like the right thing to do ? Cheers, Sylvain Munaut
On Feb 18, 2016, at 11:44 AM, Sylvain Munaut <s.munaut@whatever-company.com> wrote:
Hi,
I'm in a PEAP setup and trying to match the SSID as part of the group_checks.
This is an example request coming in :
Which is heavily edited. It helps to see all of the debug output.
Unfortunately it turns out the this attribute is apparently not copied from the outer request to the inner one, despite copy_request_to_tunnel being set to true.
Which version of FreeRADIUS are you running? It seems to work for 3.0.11. Alan DeKok.
Hi, Thanks for the comment.
Unfortunately it turns out the this attribute is apparently not copied from the outer request to the inner one, despite copy_request_to_tunnel being set to true.
Which version of FreeRADIUS are you running?
It seems to work for 3.0.11.
This was on 3.0.10 which is the latest version in the PPA. I can give 3.0.11 a shot see if that fixes the issue. I'm fairly certain Called-Station-SSID won't be copied because of this : /* * The attribute is a server-side thingy, * don't copy it. */ if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) { continue; } But maybe Cisco-AVPair will be. What's weird is that when adding a debug logging at this point in the loop, it looked like the Cisco-AVPair just weren't there at all anymore. Cheers, Sylvain
On Fri, Feb 19, 2016 at 10:14:31PM +0100, Sylvain Munaut wrote:
I'm fairly certain Called-Station-SSID won't be copied because of this :
/* * The attribute is a server-side thingy, * don't copy it. */ if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) { continue; }
But maybe Cisco-AVPair will be.
What's weird is that when adding a debug logging at this point in the loop, it looked like the Cisco-AVPair just weren't there at all anymore.
If my memory serves correctly there was something with copy request to tunnel that was fixed recently. But I might have mis-remembered. Try 3.0.11 (or 3.0.x). Cisco-AVPair isn't a server side attribute. However, Called-Station-SSID *is*, so that may not get copied. But &outer.request:... should be fine here. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Hi Matthew,
If my memory serves correctly there was something with copy request to tunnel that was fixed recently. But I might have mis-remembered. Try 3.0.11 (or 3.0.x).
The changelog for 3.0.8 shows "Fix copy_request_to_tunnel issues for tagged attributes." as bugfix. But 3.0.10 would have this fix. I tried 3.0.11 but with the exact same results. I put the full request log with 3.0.11 at the end of the mail for reference.
But &outer.request:... should be fine here.
Yup, seems to work fine so I'll stick with that for now. Cheers, Sylvain (8) Received Access-Request Id 50 from 192.168.1.237:1645 to 192.168.1.1:1812 length 195 (8) User-Name = "pwd1" (8) Framed-MTU = 1400 (8) Called-Station-Id = "0000.0000.0000" (8) Calling-Station-Id = "0000.0000.0000" (8) Cisco-AVPair = "ssid=TestMain" (8) Service-Type = Login-User (8) Message-Authenticator = 0x0ab950b182f03feef9d95e73cf4ad55c (8) EAP-Message = 0x0209002b190017030100202bf0918ac6a9599c50ea424017c1b908b9e9e593fb9e7ed474a350f8920d61d9 (8) NAS-Port-Type = Wireless-802.11 (8) NAS-Port = 591 (8) NAS-Port-Id = "591" (8) State = 0x15a90c2012a015839a62d961a44b0787 (8) NAS-IP-Address = 192.168.1.237 (8) session-state: No cached attributes (8) # Executing section authorize from file /tmp/we/radius/_root/etc/raddb/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (!&User-Name) { (8) if (!&User-Name) -> FALSE (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@.*@/ ) { (8) if (&User-Name =~ /@.*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) policy rewrite_called_station_id { (8) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) { (8) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE (8) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) { (8) update request { (8) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (8) --> 00-00-00-00-00-00 (8) &Called-Station-Id := 00-00-00-00-00-00 (8) } # update request = noop (8) if ("%{8}") { (8) EXPAND %{8} (8) --> (8) if ("%{8}") -> FALSE (8) [updated] = updated (8) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated (8) ... skipping else for request 8: Preceding "if" was taken (8) } # policy rewrite_called_station_id = updated (8) policy rewrite_calling_station_id { (8) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (8) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (8) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (8) update request { (8) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (8) --> 00-00-00-00-00-00 (8) &Calling-Station-Id := 00-00-00-00-00-00 (8) } # update request = noop (8) [updated] = updated (8) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (8) ... skipping else for request 8: Preceding "if" was taken (8) } # policy rewrite_calling_station_id = updated (8) if (Cisco-AVPair[*] =~ /ssid=(.*)/i) { (8) if (Cisco-AVPair[*] =~ /ssid=(.*)/i) -> TRUE (8) if (Cisco-AVPair[*] =~ /ssid=(.*)/i) { (8) update request { (8) EXPAND %{1} (8) --> TestMain (8) Called-Station-SSID := TestMain (8) } # update request = noop (8) } # if (Cisco-AVPair[*] =~ /ssid=(.*)/i) = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "pwd1", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 9 length 43 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /tmp/we/radius/_root/etc/raddb/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xc8c11f6dc9c80570 (8) eap: Finished EAP session with state 0x15a90c2012a01583 (8) eap: Previous EAP request found for state 0x15a90c2012a01583, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP method MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x020900061a03 (8) eap_peap: Setting User-Name to pwd1 (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x020900061a03 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "pwd1" (8) eap_peap: State = 0xc8c11f6dc9c805702f87e91a65b22ebd (8) eap_peap: Framed-MTU = 1400 (8) eap_peap: Called-Station-Id := "00-00-00-00-00-00" (8) eap_peap: Calling-Station-Id := "00-00-00-00-00-00" (8) eap_peap: Service-Type = Login-User (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: NAS-Port = 591 (8) eap_peap: NAS-Port-Id = "591" (8) eap_peap: NAS-IP-Address = 192.168.1.237 (8) eap_peap: Event-Timestamp = "Feb 22 2016 17:43:54 CET" (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x020900061a03 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "pwd1" (8) State = 0xc8c11f6dc9c805702f87e91a65b22ebd (8) Framed-MTU = 1400 (8) Called-Station-Id := "00-00-00-00-00-00" (8) Calling-Station-Id := "00-00-00-00-00-00" (8) Service-Type = Login-User (8) NAS-Port-Type = Wireless-802.11 (8) NAS-Port = 591 (8) NAS-Port-Id = "591" (8) NAS-IP-Address = 192.168.1.237 (8) Event-Timestamp = "Feb 22 2016 17:43:54 CET" (8) WARNING: Outer and inner identities are the same. User privacy is compromised. (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /tmp/we/radius/_root/etc/raddb/sites-enabled/inner-tunnel (8) authorize { (8) if (&outer.request:Called-Station-SSID) { (8) if (&outer.request:Called-Station-SSID) -> TRUE (8) if (&outer.request:Called-Station-SSID) { (8) update request { (8) &Called-Station-SSID := &outer.request:Called-Station-SSID -> 'TestMain' (8) } # update request = noop (8) } # if (&outer.request:Called-Station-SSID) = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "pwd1", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 9 length 6 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated (8) sql: EXPAND %{User-Name} (8) sql: --> pwd1 (8) sql: SQL-User-Name set to 'pwd1' rlm_sql (sql): Reserved connection (2) (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pwd1' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pwd1' ORDER BY id (8) sql: User found in radcheck table (8) sql: Conditional check items matched, merging assignment check items (8) sql: Cleartext-Password := "test" (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pwd1' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pwd1' ORDER BY id (8) sql: EXPAND SELECT groupname FROM radusergroup WHERE (username = '%{SQL-User-Name}') or (username = 'ALL') ORDER BY priority (8) sql: --> SELECT groupname FROM radusergroup WHERE (username = 'pwd1') or (username = 'ALL') ORDER BY priority (8) sql: Executing select query: SELECT groupname FROM radusergroup WHERE (username = 'pwd1') or (username = 'ALL') ORDER BY priority (8) sql: User found in the group table (8) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'wifi_main' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'wifi_main' ORDER BY id (8) sql: Group "wifi_main": Conditional check items matched (8) sql: Group "wifi_main": Merging assignment check items (8) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'wifi_main' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'wifi_main' ORDER BY id (8) sql: Group "wifi_main": Merging reply items (8) sql: Cisco-AVPair += "ssid=TestMain" rlm_sql (sql): Released connection (2) (8) [sql] = ok (8) [expiration] = noop (8) [logintime] = noop (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /tmp/we/radius/_root/etc/raddb/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0xc8c11f6dc9c80570 (8) eap: Finished EAP session with state 0xc8c11f6dc9c80570 (8) eap: Previous EAP request found for state 0xc8c11f6dc9c80570, released from the list (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap: Sending EAP Success (code 3) ID 9 length 4 (8) eap: Freeing handler (8) [eap] = ok (8) } # authenticate = ok (8) # Executing section post-auth from file /tmp/we/radius/_root/etc/raddb/sites-enabled/inner-tunnel (8) post-auth { (8) sql: EXPAND .query (8) sql: --> .query (8) sql: Using query template 'query' rlm_sql (sql): Reserved connection (3) (8) sql: EXPAND %{User-Name} (8) sql: --> pwd1 (8) sql: SQL-User-Name set to 'pwd1' (8) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (8) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'pwd1', '', 'Access-Accept', '2016-02-22 17:43:54') (8) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'pwd1', '', 'Access-Accept', '2016-02-22 17:43:54') (8) sql: SQL query returned: success (8) sql: 1 record(s) updated rlm_sql (sql): Released connection (3) (8) [sql] = ok (8) update { (8) &outer.session-state::Cisco-AVPair += &reply:Cisco-AVPair[*] -> 'ssid=TestMain' (8) &outer.session-state::MS-MPPE-Encryption-Policy += &reply:MS-MPPE-Encryption-Policy[*] -> Encryption-Allowed (8) &outer.session-state::MS-MPPE-Encryption-Types += &reply:MS-MPPE-Encryption-Types[*] -> RC4-40or128-bit-Allowed (8) &outer.session-state::MS-MPPE-Send-Key += &reply:MS-MPPE-Send-Key[*] -> 0xd9f718f6b60ec85b37371f878e76bef4 (8) &outer.session-state::MS-MPPE-Recv-Key += &reply:MS-MPPE-Recv-Key[*] -> 0x86ba2d467800ab435f8480cca124daef (8) &outer.session-state::EAP-Message += &reply:EAP-Message[*] -> 0x03090004 (8) &outer.session-state::Message-Authenticator += &reply:Message-Authenticator[*] -> 0x00000000000000000000000000000000 (8) &outer.session-state::User-Name += &reply:User-Name[*] -> 'pwd1' (8) } # update = noop (8) update outer.session-state { (8) MS-MPPE-Encryption-Policy !* ANY (8) MS-MPPE-Encryption-Types !* ANY (8) MS-MPPE-Send-Key !* ANY (8) MS-MPPE-Recv-Key !* ANY (8) Message-Authenticator !* ANY (8) EAP-Message !* ANY (8) Proxy-State !* ANY (8) } # update outer.session-state = noop (8) } # post-auth = ok (8) } # server inner-tunnel (8) Virtual server sending reply (8) Cisco-AVPair = "ssid=TestMain" (8) MS-MPPE-Encryption-Policy = Encryption-Allowed (8) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) MS-MPPE-Send-Key = 0xd9f718f6b60ec85b37371f878e76bef4 (8) MS-MPPE-Recv-Key = 0x86ba2d467800ab435f8480cca124daef (8) EAP-Message = 0x03090004 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) User-Name = "pwd1" (8) eap_peap: Got tunneled reply code 2 (8) eap_peap: Cisco-AVPair = "ssid=TestMain" (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) eap_peap: MS-MPPE-Send-Key = 0xd9f718f6b60ec85b37371f878e76bef4 (8) eap_peap: MS-MPPE-Recv-Key = 0x86ba2d467800ab435f8480cca124daef (8) eap_peap: EAP-Message = 0x03090004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: User-Name = "pwd1" (8) eap_peap: Got tunneled reply RADIUS code 2 (8) eap_peap: Cisco-AVPair = "ssid=TestMain" (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) eap_peap: MS-MPPE-Send-Key = 0xd9f718f6b60ec85b37371f878e76bef4 (8) eap_peap: MS-MPPE-Recv-Key = 0x86ba2d467800ab435f8480cca124daef (8) eap_peap: EAP-Message = 0x03090004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: User-Name = "pwd1" (8) eap_peap: Tunneled authentication was successful (8) eap_peap: SUCCESS (8) eap_peap: Saving tunneled attributes for later (8) eap: Sending EAP Request (code 1) ID 10 length 43 (8) eap: EAP session adding &reply:State = 0x15a90c201da31583 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /tmp/we/radius/_root/etc/raddb/sites-enabled/default (8) session-state: Saving cached attributes (8) Cisco-AVPair += "ssid=TestMain" (8) User-Name += "pwd1" (8) Sent Access-Challenge Id 50 from 192.168.1.1:1812 to 192.168.1.237:1645 length 0 (8) EAP-Message = 0x010a002b190017030100206926c93f1d3a251469fb2bcf248773ffda9bfd76fd5bc2b08efdb1d6dc714e2f (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x15a90c201da315839a62d961a44b0787 (8) Finished request
On Mon, Feb 22, 2016 at 06:02:03PM +0100, Sylvain Munaut wrote:
The changelog for 3.0.8 shows "Fix copy_request_to_tunnel issues for tagged attributes." as bugfix. But 3.0.10 would have this fix.
I tried 3.0.11 but with the exact same results. I put the full request log with 3.0.11 at the end of the mail for reference.
I've done a pull request. Try https://github.com/FreeRADIUS/freeradius-server/pull/1544 Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Hi Matthew,
I've done a pull request. Try
Yup, that fixes it ! Thanks. Cheers, Sylvain
participants (3)
-
Alan DeKok -
Matthew Newton -
Sylvain Munaut