Re: Passing variables from inner tunnel
newtownz wrote: I think I understand the problem here, there are multiple request done to freeradius in the process of authenticating the user and since I'm trying to access the variable that was set in the previous request it is simply empty... Yes. If you want to store information across multiple packets, use a database. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing variables from inner tunnel
Hi, newtownz jean...@sympatico.ca wrote: I'm trying to pass the value of LDAP-UserDn from the inner-tunnel to the default server. I have read unlang and also tried many combinations including update outer.control from the inner tunnel and nothing worked... I'm pretty sure I saw this too and (was some time back) a glance over the source code gave me the impression that anything in the FreeRADIUS internal dictionary gets lost. Here is a debug output where we can see that the User-Dn get expanded correctly in the tunnel but is empty in the default server. Just return User-Name in the reply and do a repeat LDAP query on your outer layer; doing a 'cn' lookup should be instantaneous...if it is not you have other bigger problems[1]. Cheers [1] obviously scalability and transaction time is not a problem as you are Exec-Program-Wait'ing a PHP script ;) -- Alexander Clouter .sigmonster says: Pretend to spank me -- I'm a pseudo-masochist! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing variables from inner tunnel
Hi, Thank your for your answer. Just return User-Name in the reply and do a repeat LDAP query on your outer layer; doing a 'cn' lookup should be instantaneous... I'm a little puzzled on how to accomplish this! Regards Jean -- View this message in context: http://old.nabble.com/Passing-variables-from-inner-tunnel-tp29279811p29286932.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing variables from inner tunnel
newtownz wrote:
Hi,
Thank your for your answer.
Just return User-Name in the reply and do a repeat LDAP query on your
outer layer; doing a 'cn' lookup should be instantaneous...
I'm a little puzzled on how to accomplish this!
In the inner-tunnel virtual server:
authorize {
...
update reply {
User-Name = foo
}
...
}
Also, be aware that EAP does multiple round trips. If you update
outer.control in one packet, that value is *not* available to the next
packet in the stream.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing variables from inner tunnel
Hi, I think I understand the problem here, there are multiple request done to freeradius in the process of authenticating the user and since I'm trying to access the variable that was set in the previous request it is simply empty... Jean -- View this message in context: http://old.nabble.com/Passing-variables-from-inner-tunnel-tp29279811p29287687.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing variables from inner tunnel
HI, Since I need to have the LDAP-UserDn in the post-auth section of the default-server is there a way to execute a LDAP query in this part? Jean -- View this message in context: http://old.nabble.com/Passing-variables-from-inner-tunnel-tp29279811p29287788.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Passing variables from inner tunnel
Hi,
I'm trying to pass the value of LDAP-UserDn from the inner-tunnel
to the default server. I have read unlang and also tried many combinations
including update outer.control from the inner tunnel and nothing worked...
Here is a debug output where we can see that the User-Dn get expanded
correctly in the tunnel but is empty in the default server.
++[eap] returns ok
+- entering group post-auth {...}
expand: %{control:LDAP-UserDn} - cn=aruba,ou=etudiant,o=org
Exec-Program output: etudiant
Exec-Program-Wait: plaintext: etudiant
Exec-Program: returned: 0
++[reply] returns noop
++[outer.control] returns noop
} # server inner-tunnel
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
expand: %{control:LDAP-UserDn} -
PHP Notice: Undefined offset: 0 in /etc/freeradius/scripts/php3 on line 4
Exec-Program output: dewor
Exec-Program-Wait: plaintext: dewor
Exec-Program: returned: 0
Thanks
Jean
--
View this message in context:
http://old.nabble.com/Passing-variables-from-inner-tunnel-tp29279811p29279811.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
