Semantics of !~ operator
Gerald Vogt
vogt at spamcop.net
Tue Apr 28 14:43:44 CEST 2015
On 28/04/15 14:07, Alan DeKok wrote:
> On Apr 28, 2015, at 7:36 AM, Gerald Vogt <vogt at spamcop.net> wrote:
>> The default server has the Called-Station-Id attribute, it does correctly extract the SSID from the Id and it correctly puts it into the Called-Station-SSID. I even do some checks in unlang based on that SSID in the outer server and they show results as expected.
>
> Hmm... the TTLS / PEAP code only copies over RADIUS *protocol* attributes. It doesn't copy anything else. I suppose that should be documented better.
>
>> So I suppose in that context the attribute exists. But it doesn't go into the inner tunnel. Neither by means of the eap module copy_request_to_tunnel=yes nor by the added "update request" in the inner tunnel.
>
> You should be able to do:
>
>     update request {
>         Called-Station-SSID := &outer.request:Called-Station-SSID
>     }

It doesn't work. I have tried that and

    update request {
        Called-Station-SSID := &outer.Called-Station-SSID
    }

at the beginning of the inner-tunnel authorize section and neither gets
any value in the inner tunnel.

> If that doesn't work, it's likely a bug.

So it's a bug, I guess.

>> Yes. I know that. That's how I did it in the beginning. My own "ssid" policy does not modify Called-Station-Id and thus I could extract the SSID in the inner tunnel as well.
>
> Just run the policy in the inner tunnel, not the outer one.

I need the SSID in the outer server, too. So I guess it's back to square
one and I better use my own policy which simply extracts the SSID. That
policy I can use on both servers...

-Gerald