Multiple instances of attribute in tunnelled reply
Alan DeKok
aland at deployingradius.com
Wed Apr 23 10:15:30 CEST 2008
Arran Cudbard-Bell wrote:
> Hi,
>
> We formulate our reply inside of the virtual server dealing with EAP and
> send it back to the outer server. This is the only way I could think of
> to insert the Inner identity into the Access-Accept.
...
update outer.reply {
User-Name := "foo"
}
...
> It all works
> fine... however it seems there's a bug when dealing with multiple
> instances of the same attribute.
Ah.... the code in "unlang" was fixed to correct this problem. The
basic API used in the basic RADIUS library wasn't fixed.
Ok... I'll take a look at it when I get back from my current trip.
> What's really weird is in the previous rounds of EAP, the attributes
> retain the += operator, it's only in the one where the EAP-Success
> message is returned where all the operators are stripped out.
Yes. "copy everything", versus "merge via operators".
Alan DeKok.
More information about the Freeradius-Users
mailing list