Check EAP Type in Unlang/Post Auth

Arnab Roy arnabroy at mail.com
Thu Apr 27 00:21:37 CEST 2017


   Hi Matthew,

   I tried this
   if(EAP-Type== "PEAP"){
                                                                   update
   reply {

   Aruba-User-Role = "guest"
                                                                   }
                                                           }

   In both and inner and outer servers it never matches that rule. Any
   further suggestions.

   Cheers
   Arnab

   Sent: Wednesday, April 26, 2017 at 12:01 PM
   From: "Matthew Newton" <mcn4 at leicester.ac.uk>
   To: "FreeRadius users mailing list"
   <freeradius-users at lists.freeradius.org>
   Subject: Re: Check EAP Type in Unlang/Post Auth
   On Wed, Apr 26, 2017 at 12:40:11PM +0200, Arnab Roy wrote:
   > //This is my way of trying to explain the requirements not the real
   > unlang syntax :)
   > if(eap-type == "PEAP"){
   >
   > VSA:=Blah
   >
   > }
   > elseif(eap-type=="TLS")
   > {
   > VSA:=Blah
   > }
   Something like
   if (EAP-Type == "PEAP") {
   # PEAP
   update reply {
   ...
   }
   }
   elsif (EAP-Type == "TLS") {
   # EAP-TLS
   update reply {
   ...
   }
   }
   else {
   # default case
   update reply {
   ...
   }
   }
   I can't remember offhand exactly where EAP-Type is available - you
   may need to do it in the inner-tunnel and copy the attributes back
   to the outer.
   Matthew
   --
   Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
   Systems Specialist, Infrastructure Services,
   I.T. Services, University of Leicester, Leicester LE1 7RH, United
   Kingdom
   For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
   -
   List info/subscribe/unsubscribe? See
   [1]http://www.freeradius.org/list/users.html

References

   1. http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list