On 9.6.2015 15.05, Christian Kratzer wrote:
> On Tue, 9 Jun 2015, Heikki Vatiainen wrote:
> <snipp/>
>> It should now return accept or reject, not a challenge. If it accepts,
>> it will tunnel MS-CHAP2-Success back to the client with the accept.
>
> This seems to lead to the problem in our setup.
>
> We have the following structure in the inner handler, with a second
> AuthSQL cascaded after the authenticating SQL for authorisation:
>
> <Handler TunnelledByTTLS=1>
> Identifier TunnelledByTTLS
> AuthByPolicy ContinueWhileAccept
> AuthBy SQLauthenticate
> AuthBy SQLauthorize ( uses NoEAP and NoCheckPassword )
> </Handler>
>
> In the EAP-MSCHAPv2 case Radiator does not proceed to SQLauthorize when
> SQLauthenticate has produced a challenge:

How about adding a Handler for EAP:

<Handler TunnelledByTTLS=1, EAP-Message=/.+/>
    # Policies etc. to work with EAP
</Handler>

<Handler TunnelledByTTLS=1>
    # Policies to work with non-EAP requests
</Handler>

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.