AW: Additional reply attributes via eap-pwd possible?
denny.friebe at icera-network.de
denny.friebe at icera-network.de
Tue Jan 26 16:44:07 CET 2021
The last reply was accidentally sent directly to your email. Here again for
the mailing list:
> You've added the attributes in the inner-tunnel, but you haven't told the
server to send them to the client.
> You need to copy the inner tunnel attributes to the outer tunnel. See
sites-available/inner-tunnel:
> Then also see sites-available/default:
> this comment applies to EAP-PWD, too. Follow the instructions there.
> Alan DeKok.
Thank you for your help. I have already done this so far. Or have I
overlooked something? Here is my configuration:
sites-enabled/default:
################################
server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 0
lifetime = 0
idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}
authorize {
filter_username
preprocess
suffix
rewrite_calling_station_id
eap {
ok = return
updated = return
}
-sql
logintime
}
authenticate {
eap
}
preacct {
preprocess
acct_unique
suffix
}
accounting {
detail
-sql
exec
attr_filter.accounting_response
}
session {
}
post-auth {
update {
&reply: += &session-state:
}
-sql
exec
Post-Auth-Type REJECT {
-sql
attr_filter.access_reject
eap
remove_reply_message_if_eap
}
Post-Auth-Type Challenge {
}
}
pre-proxy {
}
post-proxy {
eap
}
}
################################
sites-enabled/inner-tunnel:
################################
server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 0
lifetime = 0
idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}
authorize {
filter_username
preprocess
suffix
rewrite_calling_station_id
eap {
ok = return
updated = return
}
-sql
logintime
}
authenticate {
eap
}
preacct {
preprocess
acct_unique
suffix
}
accounting {
detail
-sql
exec
attr_filter.accounting_response
}
session {
}
post-auth {
update {
&reply: += &session-state:
}
-sql
exec
Post-Auth-Type REJECT {
-sql
attr_filter.access_reject
eap
remove_reply_message_if_eap
}
Post-Auth-Type Challenge {
}
}
pre-proxy {
}
post-proxy {
eap
}
}
################################
More information about the Freeradius-Users
mailing list