NAS-IP-Address, rlm_perl, and loopback

Sewell, Adam W awsewell at catawba.edu
Tue Aug 26 04:41:46 CEST 2008


Thanks for the help guys, but I don't think that's going to work for me. I was doing some testing today and it doesn't seem like I can add a filter-id to the access-accept packet from the post-auth function. Our switches require that to set the policy. Am I missing something here?



----- Original Message -----
From: A.L.M.Buxey at lboro.ac.uk
Sent: Fri, 8/22/2008 3:10am
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: NAS-IP-Address, rlm_perl, and loopback

Hi,

>   Which explains what's going on.  PEAP is really two things: an outer
> TLS session, and inner EAP-MSCHAPv2 authentication.  So there are *two*
> streams of RADIUS packets.  One that sets up the tunnel, and one that
> does the authentication inside of the tunnel.

yep - so if you only want to define a policy after 
successful authentication, you only call the 'perl'
routine in the post-auth section - therefore it
doesnt get called all the time. As Alan pointed out.
You should also ensure that , if this is the case,
you only have the post-auth function defined in the
perl module and in the perl code. no need to have any
other functions enabled.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list