Using EXEC authentication sources
Alan DeKok
aland at deployingradius.com
Fri Oct 4 15:29:36 CEST 2019
On Oct 4, 2019, at 9:21 AM, Nate . <nate2077developer at gmail.com> wrote:
>
> The Calling-Station-ID shows up in the outer portion, eap & "default", but
> not the inner-tunnel. I just don't understand how I'm supposed to set a
> custom variable to pass to the inner tunnel for use like this.
You don't. You read "man unlang", which tells you how to reference an outer attribute from the inner-tunnel. Instead of
Calling-Station-Id
do
outer.request:Calling-Station-Id
There examples of this kind of thing all through the default configuration files, including "inner-tunnel".
> I'll have to look at the python module when I have the free time, sounds
> much nicer than what I'm being told to do.. I'm required to use PHP for
> this job, so I can't just go with the python module unless it was
> warranted unfortunately. I've expressed my concerns about the security of
> this method, but they do not care and want it done this way. Their argument
> is that the server will be locked down with hardware only access once it is
> completed. My task is simply to collect the user login and device identity,
> passing it onto their secondary system for processing, then it will respond
> with Ok or Fail.
Exec also has performance issues. But if they prefer PHP to Python, they don't care about that either.
Alan DeKok.
More information about the Freeradius-Users
mailing list