Hello freeradius community,
I submitted the following question already 3 weeks ago, but did not see any follow up.
Since there are lots of knowledgeable people here on the list I thought this might have
been due to the holidays and therefore I'm trying to post my question again.
I've got a general question regarding freeradius >= 0.8 and EAP/TLS.
What I want to do in general is to perform an action (e.g. update a database) when an
ACCESS-ACCEPT has been sent or directly prior to that.
This should not be an issue with authentication methods other than EAP/TLS, but with
EAP/TLS 4-5 ACCESS-REQUEST, ACCESS-CHALLENGE messages are exchanged (which carry
EAP/TLS information) and I'd need to find out which of the 4-5 ACCESS-REQUEST received
will result in an ACCESS-ACCEPT message sent out in return.
I've tried out several things, e.g. using the Exec-Program-Wait attribute to call an
external program and evaluate the environment variables to determine what will come
next, but I've not been able to figure out the difference, which makes freeradius
return an ACCEPT next. I've also extended the experimental perl-module and added a
post-auth function which extracted the eap-messages into one long string for further
evaluation, but without completely decoding and following the TLS exchange and looking
for the TLS success-message (which might be an indicator) I've also not reached a
better insight.
Does someone have an idea what could be done here?
Thanks much
Andreas