Semantics of !~ operator

Gerald Vogt vogt at
Tue Apr 28 13:13:26 CEST 2015

On 28/04/15 12:09, Arran Cudbard-Bell wrote:
>> On 28 Apr 2015, at 10:36, Herwin Weststrate <herwin at> wrote:
>> On 28-04-15 11:28, Gerald Vogt wrote:
>>> debug output is usually so long...
>>> The inner-tunnel contains these three lines at the beginning of the
>>> authorize section:
>>>         update request {
>>>                 Called-Station-SSID := &outer.Called-Station-SSID
>>>         }
>>> This is debug output of one request until before the inner eap. I suppose
>>> it contains everything to show that the copy doesn't work...
>> I've always used the following syntax:
>>   update request {
>>     Called-Station-SSID := &outer.request:Called-Station-SSID
>>   }
>> Mind the extra "request:"
> It shouldn't matter, the default list should be request.
> If outer.Called-Station-SSID doesn't work and outer.request:Called-Station-SSID doesn't, then it's a bug.

Both outer.Called-Station-SSID and outer.request:Called-Station-SSID 
show the same when used in the above "update request" section. I don't 
get the SSID into the inner tunnel.

So any other idea how to get this attribute from the default server into 
the inner tunnel??



On a side note: looking at RFC 3580 I have noticed that
rewrite_called_station_id is not following the RFC recommendation. The
RFC says:

3.20.  Called-Station-Id

    For IEEE 802.1X Authenticators, this attribute is used to store the
    bridge or Access Point MAC address in ASCII format (upper case only),
    with octet values separated by a "-".  Example: "00-10-A4-23-19-C0".
    In IEEE 802.11, where the SSID is known, it SHOULD be appended to the
    Access Point MAC address, separated from the MAC address with a ":".
    Example "00-10-A4-23-19-C0:AP1".

Thus stripping the SSID from Called-Station-Id is not what is 
recommended as "SHOULD". And I don't really see "valid reasons in
particular circumstances to ignore" this recommendation either. IMHO, 
rewrite_called_station_id should keep the SSID in place.
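
The RFC 3580 format quoted above, as an added example that is not part of the original post and not FreeRADIUS code: a parser that normalizes the MAC address and returns the SSID separately, so it can be kept in Called-Station-Id or dropped. The function names and sample values are hypothetical, and accepting "-", ":" or "." (or nothing) between octets is an assumption about what access points send.

```python
import re

# Six octets with an optional single separator between them, then an
# optional ":" followed by the SSID (which may itself contain ":").
_OCTET = r"([0-9A-Fa-f]{2})"
_CSID = re.compile("^" + "[-:.]?".join([_OCTET] * 6) + r"(?::(.*))?$", re.DOTALL)


def parse_called_station_id(value):
    """Return (mac, ssid); mac is upper case with "-" separators, ssid may be None."""
    m = _CSID.match(value)
    if m is None:
        raise ValueError("not a MAC[:SSID] Called-Station-Id: %r" % value)
    mac = "-".join(octet.upper() for octet in m.groups()[:6])
    return mac, (m.group(7) or None)


def canonicalize(value, keep_ssid=True):
    """Rewrite to the RFC 3580 form; keep_ssid=False shows the stripped form."""
    mac, ssid = parse_called_station_id(value)
    return "%s:%s" % (mac, ssid) if keep_ssid and ssid else mac


if __name__ == "__main__":
    # Constructed sample values, not taken from any real debug output.
    for sample in ("00-10-A4-23-19-C0:AP1", "00:10:a4:23:19:c0:Campus-WiFi",
                   "0010.a423.19c0", "00-10-A4-23-19-C0:guest:5GHz"):
        print(sample, "->", canonicalize(sample), "| stripped:",
              canonicalize(sample, keep_ssid=False))
```
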

More information about the Freeradius-Users mailing list