Thats perfect, thanks phil, many thanks for the help. On Mon, Mar 7, 2011 at 1:19 PM, Phil Mayers <p.may...@imperial.ac.uk> wrote: > On 07/03/11 12:18, paul smith wrote: >> >> Thanks Phil, thats great works really well. >> >> It has set me thinking about a variation though, using EAP-Message >> would mean that it wouldn't run if it had been through the default >> only, such as EAP-TLS. >> Is there something else I could use which would indicate if >> inner-tunnel had been used? > > The only think I can think is to set a reply variable in the inner-tunnel, > then check for it in the outer tunnel: > > raddb/sites-enabled/inner-tunnel: > > post-auth { > update reply { > My-Var = "inner-tunnel" > } > the-exec > } > > raddb/sites-enabled/default: > > post-auth { > if (reply:My-Var == "inner-tunnel") { > } > else { > the-exec > } > } > > raddb/dictionary: > > ATTRIBUTE My-Var 3001 string > > raddb/eap.conf: > > eap { > ... > peap { > ... > use_tunneled_reply = yes > } > ttls { > ... > use_tunneled_reply = yes > } > } > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html