On 10/23/2013 08:14 PM, Michael Hulko wrote:
> Thanks for the clarification... I was able to do as suggested. However,
> I am finding that evaluating check items in Handlers using Vendor VSAs
> are a hit or miss.
There should not be any difference between Vendor and IANA (non-Vendor)
attributes. Both are looked up and treated the same when, e.g., choosing
the Handler.
> I have in my config...
>
> <Handler Client-Identifier = ONCAMPUS, Aruba-Port-Identifier =
> <controller-address>:0/11> -----> This works fine !
>
> <Handler TunnelledByPeap=1, Client-Identifier=ONCAMPUS, Realm=uwo.ca>
> --------> This works fine !
>
> <Handler TunnelledByPeap=1, Client-Identifier=ONCAMPUS, Realm=uwo.ca,
> Aruba-Essid-Name=<ssid of choice> -------> FAILS !!!
The reason here is likely that nothing adds Aruba-Essid-Name in the
inner request. If you watch Trace 4 log, you can see what goes in the
request describing the tunnelled request. Some basic attributes go, but
VSAs by default do not.
This one-liner in the outer AuthBy should help:

    PreHandlerHook sub {my $p = ${$_[0]}; $p->add_attr('Aruba-Essid-Name', $p->{outerRequest}->get_attr('Aruba-Essid-Name'));}

The trace 4 log should now show that the tunnelled request has
Aruba-Essid-Name.
Apparently Aruba-Port-Identifier was in the Handler that picks up the
request from the NAS, not the inner request?
> My dictionary file has all the Aruba VSA's defined..
>
> other testing shows that it works with Some VSA's but not all...
Maybe the ones that did not work are handlers for inner requests?
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
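
An added example, not part of the original message and not Radiator's own code: the hook logic from the one-liner above, generalized to copy several outer-request attributes into the tunnelled request and to skip any that the outer request lacks. MockPacket is a constructed stand-in for the request object that models only get_attr and add_attr, and the attribute list and sample values are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a Radiator request object. Only the two methods
# used by the hook in the message (get_attr, add_attr) are modelled.
package MockPacket;
sub new      { my ($class, %args) = @_; return bless { attrs => [], %args }, $class; }
sub add_attr { my ($self, $name, $value) = @_; push @{ $self->{attrs} }, [ $name, $value ]; }
sub get_attr {
    my ($self, $name) = @_;
    for my $pair (@{ $self->{attrs} }) {
        return $pair->[1] if $pair->[0] eq $name;
    }
    return;    # undef when the attribute is absent
}

package main;

# Attributes to carry from the outer (NAS) request into the tunnelled
# request. Both names appear in the thread; the list itself is an assumption.
my @copy_from_outer = ('Aruba-Essid-Name', 'Aruba-Port-Identifier');

# Same shape as the PreHandlerHook one-liner: $_[0] is a reference to the
# tunnelled request, whose {outerRequest} points at the outer request.
my $pre_handler_hook = sub {
    my $p     = ${ $_[0] };
    my $outer = $p->{outerRequest} or return;    # not a tunnelled request
    for my $name (@copy_from_outer) {
        my $value = $outer->get_attr($name);
        next unless defined $value;              # outer request lacks it
        next if defined $p->get_attr($name);     # already present, keep it
        $p->add_attr($name, $value);
    }
    return;
};

# Constructed sample: outer request carries the ESSID but no port identifier.
my $outer = MockPacket->new;
$outer->add_attr('User-Name',        'anonymous@uwo.ca');
$outer->add_attr('Aruba-Essid-Name', 'example-ssid');

my $inner = MockPacket->new(outerRequest => $outer);
$inner->add_attr('User-Name', 'user@uwo.ca');

$pre_handler_hook->(\$inner);

printf "%s = %s\n", @$_ for @{ $inner->{attrs} };
```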