Phil Mayers p.mayers at imperial.ac.uk
Mon Nov 7 17:47:26 CET 2011

On 07/11/11 16:24, Panagiotis Georgopoulos wrote:
> Hello all,
> I have a policy in my post-auth that calculates a hash function based on
> the real-identify of the user. The idea is that if the request is
> EAP-TTLS then I want to use the User-Name property of the inner tunnel,
> whereas if the request is for EAP-TLS I want to use the BUF-Name (if
> I’ve got it correctly).

BUF-Name is not a standard attribute.

> How do I determine in my policy whether we are doing EAP-TLS or
> EAP-TTLS? Can anyone help with that ‘if’ I am looking for?

I'm not clear on exactly what you want. Perhaps you could explain in 
more detail?

Possibly something like:

post-auth {

  if (EAP-Type == EAP-TTLS) {
    update reply {
      My-Hash := "%{md5:%{reply:User-Name}}"

  elsif (EAP-Type == EAP-TLS) {
    update reply {
      My-Hash := "%{md5:%{TLS-Cert-Subject}}"


...is what you're looking for?

More information about the Freeradius-Users mailing list