Problems with Huntgroup

Sergio Belkin sebelk at gmail.com
Wed Jun 6 20:56:54 CEST 2012


2012/6/6 Matthew Newton <mcn4 at leicester.ac.uk>:
> On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote:
>> I've added this files because I like to separate logs when supplicants
>> are using PEAP or TTLS
>
> I'd still use just one file, and filter the logs instead.
>
>> Is there a better way of doing that?
>
> There may be several ways. The first one that comes to mind is
> just pulling the EAP type out of the EAP-Message attributes.
>
> PEAP connections will have an EAP-Message attribute that matches
> the regexp /^0x........19/, whereas TTLS connections will match
> /^0x........15/.
>
> Alternatively, and probably easier in the long run, add
> %{EAP-Type} to linelog, so you get the name directly in your logs.
> Add it in the outer, and you'll see TTLS or PEAP. Add it in the
> inner, and you'll see the inner EAP type, such as MS-CHAP-V2.

Good idea, I've tried appending  %{EAP-Type) that to detail.log but
sending nothing
eg:

auth-detail-AP-XXX-DEFAULT--20120606

Between "-" and "-" is nothing (Neither TTLS nor PEAP appears)



>
>
>> I want to learn. Sorry but I repeat the question how a module is
>> added? because "files" is statament is present on both files
>> /etc/raddb-testing/sites-enabled/inner-tunnel-peap and
>> /etc/raddb-testing/sites-enabled/inner-tunnel
>
> Apologies - you're right, it is being called.
>
> ++[files] returns noop

:-)

>
> Add 'preprocess' to the top of the authorize{} section in your
> inner-tunnel-peap / inner-tunnel files. That's the module that
> checks huntgroups.

Thanks guys it dit it! I just realize that modules must be appended in
inner-tunnel files to load them :)

TIA

>
> Cheers,
>
> Matthew
>
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Architect (UNIX and Networks), Network Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -



-- 
--
Sergio Belkin  http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org


More information about the Freeradius-Users mailing list