User + Device Authentication to Specific Network
Duncan X Simpson
virtualdxs at gmail.com
Mon Jun 10 23:04:15 CEST 2019
On Mon, Jun 10, 2019 at 1:46 PM Alan DeKok <aland at deployingradius.com>
wrote:
> Which shows you're running EAP. Which would have been good to know.
I apologize, I thought 802.1X implied EAP.
> Again, *read* the debug output. ALL OF IT. If it's hard to read, see:
>
> http://wiki.freeradius.org/radiusd-X
>
> You're doing EAP. And running the "inner-tunnel" virtual server.
Which DOES show the request it receives. AND it shows that request doesn't
contain Calling-Station-Id.
I see, I was under the impression that the proxied packet showed up as a
(1)/(2)/etc, rather than part of the outer one.
> If you want to access the *outer* Calling-Station-ID attribute, you can
do %{outer.request:Calling-Station-Id}. See "man unlang" for details.
That did it, and the whole thing makes a lot more sense to me now.
I have one last question relating to this. I couldn't find it anywhere in
the docs. How do I determine if a user is in a given group in unlang? I can
set an attribute in radgroupreply if I need to, but I figure there's
probably a cleaner way than that.
More information about the Freeradius-Users
mailing list