RES: How does CUI works? How does anonymous works? Im lost

Alan DeKok aland at deployingradius.com
Wed Jun 24 20:28:14 CEST 2020


On Jun 24, 2020, at 10:41 AM, Daniel Guimaraes Pena <daniel.pena at mpdft.mp.br> wrote:
> 
> By doing this
>> 	update outer.state {
>> 		User-Name := &request:User-Name 
>> 	}
> 
> in post-auth at sites-available/inner-tunnel, results in this error:
> 
> } # server default
> server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
> # Loading authenticate {...}
> # Loading authorize {...}
> # Loading session {...}
> # Loading pre-proxy {...}
> # Loading post-proxy {...}
> # Loading post-auth {...}
> /etc/freeradius/3.0/sites-enabled/inner-tunnel[374]: Default list "state" specified in mapping section is invalid
> /etc/freeradius/3.0/sites-enabled/inner-tunnel[286]: Errors parsing post-auth section.

  Sorry, that's a typo.

> Does it have to be like this?
>> 	update outer.session-state {
>> 		User-Name := &request:User-Name 
>> 	}

  Yes.

> I am starting to think radical: Enabling filter_inner_identity to block those requests that has different usernames

  If you can't update the clients which send the wrong outer identity, there's not much you can do.  Rejecting them won't work.

  Alan DeKok.




More information about the Freeradius-Users mailing list