LDAP Groups to Freeradius and then Ruckus Wireless?

Enrique Sainz Baixauli enriquesainz.beca at intef.educacion.es
Wed Jun 11 11:22:02 CEST 2014

> From "man unlang" (or
> "
> Inside of the "foreach" block, the attribute which is being looped over
can be referenced as "Foreach-Variable-#".  Where "#" is the depth of the
loop, starting at "0".  e.g. "Foreach-Variable-0".  The loops can be nested
up to > eight (8) deep, though this is not recommended.
> "
> Does your tls config somehow has nested foreach, so that
> Foreach-Variable-1 is used instead  Foreach-Variable-0?

No, my foreach {} is right inside post-auth {} (in default server config).
Actually, it's the second uncommented line, after a call to cache. In eap
module config, tls section only contains "tls = tls-common", and there are
no loops in tls-config tls-common {}. There is no foreach at all in eap mod

The thing is that, in an EAP-PEAP authentication process with MSCHAPv2, the
variable I need to use is Foreach-Variable-0. However, in EAP-TLS that
should be Foreach-Variable-1. My only guess is that there is a foreach loop
in the TLS conversation (without it being in the config, maybe?), inside
which post-auth is called. But I know nothing about the internals...

More information about the Freeradius-Users mailing list