PEAP request with EAP-MSCHAPv2 as Phase 2, how to store attribute data.
Alan DeKok
aland at deployingradius.com
Thu Nov 9 19:56:35 CET 2017
On Nov 9, 2017, at 1:41 PM, work vlpl <thework.vlpl at gmail.com> wrote:
> I use configuration what can handle PEAP + EAP-MSCHAPv2 as Phase 2
> and proxy inner tunnel request to another home server.
> I need log request with real username (inner identity) and other
> custom attribute available in inner tunnel phase. For other requests
> like EAP-TTLS/PAP it is trivial, in authorize section I save
> attributes of interest to me in control list, because proxy response
> override reply list.
That won't work. The "control" list is per-packet. It isn't saved across multiple packets.
You need the "session-state" list. See "man unlang", and look for "session-state". Look also for "session-state" in raddb/sites-available/default. That has lots of examples and documentation.
If you're running a very old version of 3.0, you will need to upgrade. But if you're running anything after 3.0.6, it should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list