use_tunneled_reply in PEAP or TTLS tunnels
Alan DeKok
aland at deployingradius.com
Fri Jun 6 13:44:09 CEST 2014
Herwin Weststrate wrote:
> The last part (and the reply to the NAS will be taken from the reply to
> the tunneled request) makes me expect that all attributes from the reply
> of the home server are copied to the outer reply. In this case it would
> be the various attributes to change a VLAN (Tunnel-Type,
> Tunnel-Medium-Type and Tunnel-Private-Group-Id).
Yes, that should happen.
> Looking at the reply, I only see the User-Name attribute updated to my
> inner user. The relevant code uses the method pairfilter, which is
> described as "Move pairs of a matching attribute number, vendor number
> and tag from the input list to the output list." Basically, this means
> that only values that are already present are overwritten. Not exactly
> what I was expecting.
And not what the documentation for pairfilter says. It helps to read
ALL of it:
 * @param[in] attr to match, if PW_VENDOR_SPECIFIC and vendor 0, only VSAs will
 *	be copied. If 0 and 0, all attributes will match
 * @param[in] vendor to match.
 * @param[in] tag to match, TAG_ANY matches any tag, TAG_NONE matches tagless VPs.
> Is this a bug in the code, or is the problem just that the documentation
> could use a little clarification?
The code should work as documented. Since you haven't posted any
debug output, there's no reason to think otherwise.
Alan DeKok.
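
Added illustration, not part of the original message and not FreeRADIUS code: a small C model of the matching rule that the quoted @param text describes, run over a constructed tunneled reply. The ex_ names, the values given to the tag constants and the vendor number 99999 are assumptions made for this example.

```c
#include <stddef.h>

#define PW_VENDOR_SPECIFIC 26  /* RADIUS Vendor-Specific attribute number */
#define EX_TAG_ANY (-128)      /* example value, not read from the FreeRADIUS headers */
#define EX_TAG_NONE 0          /* example value: 0 marks a tagless pair in this model */

struct ex_vp { unsigned attr; unsigned vendor; int tag; };

/* Match rule as described by the quoted @param text. */
static int ex_matches(const struct ex_vp *vp, unsigned attr, unsigned vendor, int tag)
{
    if (attr == 0 && vendor == 0) return 1;             /* 0 and 0: everything matches */
    if (tag != EX_TAG_ANY && vp->tag != tag) return 0;  /* TAG_NONE matches tagless only */
    if (attr == PW_VENDOR_SPECIFIC && vendor == 0)
        return vp->vendor != 0;                         /* only VSAs */
    return vp->attr == attr && vp->vendor == vendor;
}

/* Move matching pairs from from[] to the end of to[] (caller sizes to[]); returns count moved. */
static size_t ex_filter_move(struct ex_vp *to, size_t *to_len,
                             struct ex_vp *from, size_t *from_len,
                             unsigned attr, unsigned vendor, int tag)
{
    size_t kept = 0, moved = 0;
    for (size_t i = 0; i < *from_len; i++) {
        if (ex_matches(&from[i], attr, vendor, tag)) { to[(*to_len)++] = from[i]; moved++; }
        else from[kept++] = from[i];
    }
    *from_len = kept;
    return moved;
}

/* Constructed data: the outer reply starts with only User-Name. Returns its length after the move. */
static size_t ex_outer_len_after(unsigned attr, unsigned vendor, int tag)
{
    struct ex_vp inner[] = {
        { 1, 0, 0 },      /* User-Name */
        { 64, 0, 1 },     /* Tunnel-Type, tag 1 */
        { 65, 0, 1 },     /* Tunnel-Medium-Type, tag 1 */
        { 81, 0, 1 },     /* Tunnel-Private-Group-Id, tag 1 */
        { 1, 99999, 0 },  /* a VSA with a made-up vendor number */
    };
    struct ex_vp outer[8] = { { 1, 0, 0 } };
    size_t outer_len = 1, inner_len = sizeof(inner) / sizeof(inner[0]);
    ex_filter_move(outer, &outer_len, inner, &inner_len, attr, vendor, tag);
    return outer_len;
}
```

In this model the match depends only on the pair and the three arguments, never on what the output list already holds, so with attr 0 and vendor 0 the three Tunnel-* pairs reach the outer list even though it started with User-Name alone.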