Re: EAP Attributes

[Arran Cudbard-Bell]

On 16 Nov 2011, at 19:59, Houston-III, Lester L wrote:

 Does the EAP plugin support Vendor Specific Attributes (VSA)? 

No.

 Can any of the EAP attributes be modified to contain my own set of data?  How 
 can I inject custom data into my EAP message?

Yes. Modify the EAP-Message attribute.

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP Attributes

[Houston-III, Lester L]

Can you elaborate a little more or point me to some documentation.  How do you 
modify the EAP-Message attribute?

Can any of the EAP attributes be modified to contain my own set of data?  How 
can I inject custom data into my EAP message?

Yes. Modify the EAP-Message attribute.

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.orgmailto:a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP Attributes

[Arran Cudbard-Bell]

On 16 Nov 2011, at 21:46, Houston-III, Lester L wrote:

 Can you elaborate a little more or point me to some documentation.  How do 
 you modify the EAP-Message attribute?

man unlang.

The same you would with any other RADIUS attribute.

update reply {
EAP-Message := 0xD3ADB33F
}

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP Attributes

[Phil Mayers]

On 11/16/2011 06:59 PM, Houston-III, Lester L wrote:

Does the EAP plugin support Vendor Specific Attributes (VSA)?  Can any
of the EAP attributes be modified to contain my own set of data? How can
I inject custom data into my EAP message?


Why do you think you want to do this?

EAP methods typically define the format of the data exchanged; you can't 
just add extra data willy nilly.


Most EAP methods are in fact cryptographically signed/secure, which is 
the whole point.


So, you can update the EAP-Message attribute - but basically that 
implies that you're implementing or modifying an EAP method, and that 
usually requires matching support on the client side, so it's probably 
futile.


What are you trying to accomplish?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP Attributes

[Houston-III, Lester L]

Well,  I'm trying to use information included in the EAP message for post 
authorization using JRADIUS.  I was hoping that I could somehow inject some 
custom data that would be propagated to JRADIUS from FreeRADIUS then I could 
perform some processing on this data during the post authorization phase.

 What are you trying to accomplish?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP Attributes

[Phil Mayers]

On 11/16/2011 10:09 PM, Houston-III, Lester L wrote:

Well,  I'm trying to use information included in the EAP message for
post authorization using JRADIUS.  I was hoping that I could somehow
inject some custom data that would be propagated to JRADIUS from
FreeRADIUS then I could perform some processing on this data during
the post authorization phase.


Whilst it's probably possible in theory, it's a bad, bad way to do it - 
like I say, you can't just interfere with EAP data - it's formatted 
according to very specific specs.


If you want to pass data that JRadius can process, do it in a normal 
radius attribute.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html