Unlang clarification

[David Peterson]

Hmmm...strange.  Actually that code was in the post-auth reject sections and
this is in the post-auth section:

update reply {
                User-Name !* 0x00     #removes the User-name from the
Access-acc
ept
        }

Any thoughts as to why they would add these?

David

-----Original Message-----
From:
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Arran Cudbard-Bell
Sent: Monday, May 20, 2013 9:59 AM
To: FreeRadius users mailing list
Subject: Re: Unlang clarification


On 20 May 2013, at 09:34, "David Peterson" <davidp at wirelessconnections.net>
wrote:

> I am fighting a buggy NAS and was told to add to the
/sites-enabled/default file in the post-auth section this code:
>  
>                       EAP-Message = "0x04040004"
>                          User-Name !* 0x00
>                          Message-Authenticator =
"%{Message-Authenticator}"
>  
> Can someone clarify what this would actually do to the EAP response?

You mean:

update reply {
	EAP-Message = "0x04040004"
        ...
}

You'd be forcing the server to send an EAP-Failure message, with a static
and probably incorrect ID. Removing any instances of User-Name from the
reply, and setting an invalid value for the message authenticator which
would be overwritten anyway.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html