LDAP Groups to Freeradius and then Ruckus Wireless?
Enrique Sainz Baixauli
enriquesainz.beca at intef.educacion.es
Wed Jun 11 11:22:02 CEST 2014
> From "man unlang" (or
>
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/man/man5/unlang.
5):
>
> "
> Inside of the "foreach" block, the attribute which is being looped over
can be referenced as "Foreach-Variable-#". Where "#" is the depth of the
loop, starting at "0". e.g. "Foreach-Variable-0". The loops can be nested
up to > eight (8) deep, though this is not recommended.
> "
>
> Does your tls config somehow has nested foreach, so that
> Foreach-Variable-1 is used instead Foreach-Variable-0?
No, my foreach {} is right inside post-auth {} (in default server config).
Actually, it's the second uncommented line, after a call to cache. In eap
module config, tls section only contains "tls = tls-common", and there are
no loops in tls-config tls-common {}. There is no foreach at all in eap mod
config.
The thing is that, in an EAP-PEAP authentication process with MSCHAPv2, the
variable I need to use is Foreach-Variable-0. However, in EAP-TLS that
should be Foreach-Variable-1. My only guess is that there is a foreach loop
in the TLS conversation (without it being in the config, maybe?), inside
which post-auth is called. But I know nothing about the internals...
More information about the Freeradius-Users
mailing list