PEAP request with EAP-MSCHAPv2 as Phase 2, how to store attribute data.

Alan DeKok aland at deployingradius.com
Thu Nov 9 19:56:35 CET 2017


On Nov 9, 2017, at 1:41 PM, work vlpl <thework.vlpl at gmail.com> wrote:
> I use configuration what can handle PEAP +  EAP-MSCHAPv2 as Phase 2
> and proxy inner tunnel request to another home server.
> I need log request with real username (inner identity) and other
> custom attribute available in inner tunnel phase. For other requests
> like EAP-TTLS/PAP it is trivial, in authorize section I save
> attributes of interest to me in control list, because proxy response
> override reply list.

  That won't work.  The "control" list is per-packet.  It isn't saved across multiple packets.

  You need the "session-state" list.  See "man unlang", and look for "session-state".  Look also for "session-state" in raddb/sites-available/default.  That has lots of examples and documentation.

  If you're running a very old version of 3.0, you will need to upgrade.  But  if you're running anything after 3.0.6, it should work.

  Alan DeKok.




More information about the Freeradius-Users mailing list