Is FreeRADIUS 2.1.1 capable of handling NAI decorations
Alan DeKok
aland at deployingradius.com
Tue Dec 2 17:05:27 CET 2008
Luca Adamo wrote:
> FreeRADIUS 2.1.1 seems to be unable to process the NAI decoration
What does that mean? The configuration language ("man unlang") has
support for a wide range of attribute matching && re-writing methods.
The *default* methods shipped in the example configuration files do
not include WiMAX examples. Instead, they show the traditional RADIUS
methods of handling realms.
> so the
> username is passed unaltered to the modules and of course there're a lot
> of problems arising for the presence of the curly braces and the equal
> sing inside the User-Name.
See "man unlang". You can re-write the User-Name to be anything you want.
> If I hack the safe character list of Oracle
> (the database I chose to store user credentials and profiles) adding
> both the curly braces and the equal sign everything work fine but IMHO
> is not the solution. I tried also to use the attr_rewrite module trying
> to remove the unwanted prefix from the User-Name attrribute but this
> obviously breaks EAP (as Alan also has stated in a mail discussion I red
> on the Internet).
That's a larger issue that I'm currently trying to resolve with the
IETF, the WiMAX forum, the FMCA, the WBA, and many other acronym-laden
groups.
> Sorry if I've been too prolix, at the end my question is the one of the
> subject..."Is FreeRADIUS 2.1.1 capable of handling NAI decorations
> according to WiMaX Forum 1.2 St. 3?" And if not, can I have some
> suggestion on which one can be the starting point for the development of
> such functionality?
Re-writing the User-Name may cause the EAP module to get upset.
The simplest way to fix this is to edit src/modules/rlm_eap/*.c in
order to remove the checks that require EAP identity to be the same as
the User-Name.
Alan DeKok.
More information about the Freeradius-Users
mailing list