Problems with Huntgroup

Matthew Newton mcn4 at leicester.ac.uk
Wed Jun 6 16:19:04 CEST 2012


On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote:
> I've added these files because I like to separate logs when supplicants
> are using PEAP or TTLS

I'd still use just one file, and filter the logs instead.

> Is there a better way of doing that?

There may be several ways. The first one that comes to mind is
just pulling the EAP type out of the EAP-Message attributes.

PEAP connections will have an EAP-Message attribute that matches
the regexp /^0x........19/, whereas TTLS connections will match
/^0x........15/.

Alternatively, and probably easier in the long run, add
%{EAP-Type} to linelog, so you get the name directly in your logs.
Add it in the outer, and you'll see TTLS or PEAP. Add it in the
inner, and you'll see the inner EAP type, such as MS-CHAP-V2.


> I want to learn. Sorry, but I repeat the question: how is a module
> added? Because the "files" statement is present in both files
> /etc/raddb-testing/sites-enabled/inner-tunnel-peap and
> /etc/raddb-testing/sites-enabled/inner-tunnel

Apologies - you're right, it is being called.

++[files] returns noop

Add 'preprocess' to the top of the authorize{} section in your
inner-tunnel-peap / inner-tunnel files. That's the module that
checks huntgroups.

Cheers,

Matthew



-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
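
Added example, not part of the original message or of FreeRADIUS: a filter that reads the EAP type byte the two regexps above match on (0x19 for PEAP, 0x15 for TTLS) and groups log lines from a single file by it. The function names and the "user=... EAP-Message=..." line layout are assumptions made for illustration.

```python
import re

# EAP method numbers; 0x19 (25) and 0x15 (21) are the two values the
# regexps in the message above match on.
EAP_TYPES = {1: "Identity", 3: "Nak", 21: "TTLS", 25: "PEAP"}

def eap_type(attr):
    """Name the EAP type in one EAP-Message value like '0x020200061900'.

    Returns None when there is no type byte to read."""
    m = re.fullmatch(r"0x((?:[0-9a-fA-F]{2})+)", attr.strip())
    if not m:
        return None
    pkt = bytes.fromhex(m.group(1))
    # Header is code(1) id(1) length(2); only Request (1) and Response (2)
    # carry a type in the fifth byte. Success/Failure stop after 4 bytes.
    if len(pkt) < 5 or pkt[0] not in (1, 2):
        return None
    return EAP_TYPES.get(pkt[4], "type-%d" % pkt[4])

def split_by_type(lines):
    """Group log lines by EAP type (hypothetical helper)."""
    groups = {}
    for line in lines:
        m = re.search(r"EAP-Message=(0x[0-9a-fA-F]+)", line)
        name = eap_type(m.group(1)) if m else None
        groups.setdefault(name or "other", []).append(line)
    return groups

# Constructed sample lines; the "user=... EAP-Message=..." layout is an
# assumption, not a FreeRADIUS log format.
SAMPLE = [
    "user=alice EAP-Message=0x0201000a01616c696365",
    "user=alice EAP-Message=0x020200061900",
    "user=bob EAP-Message=0x020300061500",
    "user=bob EAP-Message=0x03040004",
    "user=carol no EAP here",
]

if __name__ == "__main__":
    for name, lines in sorted(split_by_type(SAMPLE).items()):
        print(name, len(lines))
```

A long EAP packet can be split across several EAP-Message attributes in one RADIUS packet; only the first one starts with the EAP header, so the type byte should be read from that first attribute.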

