EAP-TLV
Vieri
rentorbuy at yahoo.com
Fri Dec 15 18:38:19 CET 2017
________________________________
From: Alan Buxey <alan.buxey at gmail.com>
> send me your virtual server configs. There will be some obvious thing there.
I'm supposing you mean my virtual_server defined in the eap module?
It refers to inner-tunnel, and its content follows:
# Virtual server "inner-tunnel": per the message above, this is the server
# named by virtual_server in the eap module, i.e. it processes the
# authentication carried inside the EAP tunnel.
server inner-tunnel {
# Direct listener for auth packets, bound to the loopback address only.
# NOTE(review): packets sent to this socket reach the inner methods without
# the outer TLS tunnel, so keep it on 127.0.0.1 (or remove it) rather than
# binding it to a routable address.
listen {
ipaddr = 127.0.0.1
port = 18120
type = auth
}
# authorize: entries run top to bottom; the order is significant.
authorize {
# filter_username is not defined on this page; presumably the stock
# username sanity-check policy. Verify against policy.d.
filter_username
# Local policy from policy.d/canonicalization (quoted below): splits
# User-Name into Stripped-User-Name / Stripped-User-Domain.
custom_split_username_nai
chap
mschap
suffix
# Sets the control attribute Proxy-To-Realm to LOCAL, which is meant to keep
# the tunnelled request on this server instead of proxying it by realm.
update control {
&Proxy-To-Realm := LOCAL
}
# "ok = return": when eap returns ok, processing of this section stops,
# so files, -ldap, expiration, logintime and pap below are skipped for
# that packet.
eap {
ok = return
}
files
# The leading '-' makes this reference optional: if no ldap module is
# enabled the entry is ignored instead of failing at startup.
# NOTE(review): a missing or disabled ldap module therefore drops directory
# lookups silently. Confirm in debug output (radiusd -X) that it is loaded.
-ldap
expiration
logintime
pap
}
# authenticate: one sub-section per Auth-Type, followed by bare mschap and
# eap entries.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
mschap
eap
}
session {
radutmp
}
post-auth {
# The condition is the constant 0, so nothing in this block ever runs.
# If enabled (condition changed to 1) it would:
#   1. delete the listed attributes (all instances, "!* ANY") from the
#      inner reply, including the MS-MPPE key material, and
#   2. append the remaining inner reply attributes to outer.session-state.
# NOTE(review): while this is disabled, whether inner reply attributes reach
# the outer reply depends on eap module settings not shown on this page.
if (0) {
update reply {
User-Name !* ANY
Message-Authenticator !* ANY
EAP-Message !* ANY
Proxy-State !* ANY
MS-MPPE-Encryption-Types !* ANY
MS-MPPE-Encryption-Policy !* ANY
MS-MPPE-Send-Key !* ANY
MS-MPPE-Recv-Key !* ANY
}
update {
&outer.session-state: += &reply:
}
}
# Reject path: filter the Access-Reject attributes, then copy the inner
# request's Module-Failure-Message into outer.session-state so the outer
# server can see why the inner authentication failed.
Post-Auth-Type REJECT {
attr_filter.access_reject
update outer.session-state {
&Module-Failure-Message := &request:Module-Failure-Message
}
}
}
# Empty: no pre-proxy processing is configured for this server.
pre-proxy {
}
post-proxy {
eap
}
}
policy.d/canonicalization contains:
# user@domain form: group 1 = user part, group 2 = everything after the '@'.
# \w+ accepts word characters only, so a user part containing '.' or '-'
# (e.g. first.last@domain) does not match. Group 2 is not validated by this
# pattern.
custom_nai_regexp1 = '^(\w+)@(.*)$'
# domain\user form: group 1 = domain part, group 2 = user part (word
# characters only).
# NOTE(review): the '\\' is presumably meant as one literal backslash.
# Confirm how it survives config-string parsing and the ${...} expansion
# into /.../ in the policy below.
custom_nai_regexp = '^(.*)\\(\w+)$'
# Policy: split User-Name into Stripped-User-Name and Stripped-User-Domain.
# Tries the user@domain pattern first, then the domain\user pattern.
# Returns "updated" when either pattern matched and "noop" otherwise.
# On noop no Stripped-User-Name is set by this policy, so later modules see
# whatever the request already carried.
custom_split_username_nai {
if (&User-Name && (&User-Name =~ /${policy.custom_nai_regexp1}/)) {
update request {
# user@domain: capture group 1 is the user, group 2 the domain.
# ':=' overwrites Stripped-User-Name. '=' sets Stripped-User-Domain only
# if the request does not already contain one.
&Stripped-User-Name := "%{1}"
&Stripped-User-Domain = "%{2}"
}
updated
}
else {
if (&User-Name && (&User-Name =~ /${policy.custom_nai_regexp}/)) {
update request {
# domain\user: the groups are swapped relative to the branch above
# (group 2 is the user, group 1 the domain).
&Stripped-User-Name := "%{2}"
&Stripped-User-Domain = "%{1}"
}
updated
} else {
# Neither pattern matched (or User-Name is absent): leave the request
# unchanged.
noop
}
}
}