freeradius-3.0: Using EAP-Type in post-auth processing
Felix Tiede
lists at pc-tiede.de
Wed May 10 20:18:52 CEST 2017
Am Mittwoch, 10. Mai 2017, 17:00:47 CEST schrieben Sie:
> %{EAP-Type} should be populated - and the value, &EAP-Type works - you
> may need to check its numeric value. are you using latest 3.0.x ?
Using
if (%{EAP-Type} == EAP-TLS)
yields the following lines and ends in no operation taken:
# Skipping contents of 'if' as it is always 'false' -- /etc/raddb/policy.d/
vlan-id:5
# Skipping contents of 'elsif' as it is always 'false' -- /etc/raddb/
policy.d/vlan-id:13
>From an actual request:
(11) if (%{EAP-Type} == EAP-TLS) {
(11) if (%{EAP-Type} == EAP-TLS) -> FALSE
(11) elsif (%{EAP-Type} == PEAP) {
(11) elsif (%{EAP-Type} == PEAP) -> FALSE
Using
if (&EAP-Type == EAP-TLS)
yields then this, similar to 'if (EAP-Type == EAP-TLS)':
/etc/raddb/policy.d/vlan-id[5]: Parse error in condition
/etc/raddb/policy.d/vlan-id[5]: (&EAP-Type == EAP-TLS) {
/etc/raddb/policy.d/vlan-id[5]: ^ Failed to parse value for
attribute
I'm using freeradius-3.0.13 for these tests.
I would like not to use numeric values - both EAP-Type and EAP-TLS/PEAP are
from freeradius' built-in dictionary.
Regards,
Felix
--
BOFH Excuse #129:
The ring needs another token
More information about the Freeradius-Users
mailing list