Client IP Address , Packet-Src-IP-Address
Alan DeKok
aland at deployingradius.com
Wed May 2 14:19:30 CEST 2007
Arran Cudbard-Bell wrote:
...
> Autz-Type eap-internal {
> mschap
> # Grab NT-Password from directory for use in MSChap-V2
> ldap
> # Read Authorisation groups from SQL Server
> sql
> }
>
> Which speeds things up a great deal when doing EAP...
In the CVS head, I'm looking into adding a "tunnel is ready for
credentials" flag inside of the EAP module. It will normally return
"updated" during ssl setup, and "ok" when the current packet needs
authentication credentials.
> Unfortunately this breaks anything which relies on Packet-Src-IP-Address
> / Client-IP-Address
>
> As they will be 127.0.0.1 *sigh*
>
> Can you see any way of getting round this ?
Hmm.... src/main/util.c has request_alloc_fake(), which initializes
the tunneled request. It may be worth changing it to copy the outer
tunnel source/dest IP's and ports.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Devel
mailing list