AW: Additional reply attributes via eap-pwd possible?
denny.friebe at icera-network.de
denny.friebe at icera-network.de
Tue Jan 26 17:01:33 CET 2021
Sorry, I just sent you the default config twice.
Here is my inner-tunnel config:
server inner-tunnel {
listen {
ipaddr = 127.0.0.1
port = 18120
type = auth
}
authorize {
filter_username
suffix
update control {
&Proxy-To-Realm := LOCAL
}
eap {
ok = return
}
-sql
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
eap
}
session {
radutmp
}
post-auth {
reply_log
-sql
if (1) {
update reply {
User-Name !* ANY
Message-Authenticator !* ANY
EAP-Message !* ANY
Proxy-State !* ANY
MS-MPPE-Encryption-Types !* ANY
MS-MPPE-Encryption-Policy !* ANY
MS-MPPE-Send-Key !* ANY
MS-MPPE-Recv-Key !* ANY
}
update {
&outer.session-state: += &reply:
}
}
Post-Auth-Type REJECT {
-sql
attr_filter.access_reject
update outer.session-state {
&Module-Failure-Message :=
&request:Module-Failure-Message
}
}
}
pre-proxy {
}
post-proxy {
eap
}
}
More information about the Freeradius-Users
mailing list