Client IP Address , Packet-Src-IP-Address

Arran Cudbard-Bell A.Cudbard-Bell at
Wed May 2 12:55:12 CEST 2007


Just had a thought.

Currently with internal EAP proxying

copy_request_to_tunnel = yes
use_tunneled_reply = yes

Mean that when the contents of the eap packet is proxied internally
the attributes from the radius packet get copied to the proxy request.

And that the final set of reply attributes is taken directly from the 
reply attributes sent back from the internal proxy.

Which means

you can use

DEFAULT FreeRADIUS-Proxied-To ==, Autz-Type := "Eap-Internal"

         Autz-Type eap-internal {
                 # Grab NT-Password from directory for use in MSChap-V2
                 # Read Authorisation groups from SQL Server

Which speeds things up a great deal when doing EAP...

Unfortunately this breaks anything which relies on Packet-Src-IP-Address 
/ Client-IP-Address

As they will be *sigh*

Can you see any way of getting round this ?

Need Client-IP-Address to determine which set of proxies the request is 
coming in form...

Arran Cudbard-Bell (A.Cudbard-Bell at
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900

More information about the Freeradius-Devel mailing list