Authorization through inner identity
ZHANG Gina
Gina.Zhang at alcatel-lucent.com
Tue Feb 23 17:39:26 CET 2010
Alan,
Thanks for all the help! I need to modify my question. I am using
mschapv2 inside ttls tunnel. Upon receipt of the MS-CHAP2-Success AVP,
the client is able to authenticate the FR. If the authentication
succeeds, the client sends and EAP-TTLS packet to FR containing no data.
Only upon receiving this packet, FR authorize. But at this point, the
request packet contains no inner tunnel identity. Is there anyway to
config FR to authorize according to the inner-tunnel indentity in this
case?
Regards,
Gina
-----Original Message-----
From:
freeradius-users-bounces+gina.zhang=alcatel-lucent.com at lists.freeradius.
org
[mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent.com at lists.fre
eradius.org] On Behalf Of Alan Buxey
Sent: Tuesday, February 23, 2010 3:41 AM
To: FreeRadius users mailing list
Subject: Re: Authorization through inner identity
Hi,
> Alan,
>
> All I want to do is to use inner username to lookup the database table
> to authorize.
so long as you call the relevant SQL module in the authorize {} section
of innter-tunnel then the default config will work fine for you.
- once the server is in inner-tunnel (called via EAP) it will only be
dealing with the inner username (unless you've done something
crazy/weird with the config!)
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list