Bug 44920 – (4.2) peap option copy_request_to_tunnel should be configurable

Bug 44920 - (4.2) peap option copy_request_to_tunnel should be configurable


Summary:	(4.2) peap option copy_request_to_tunnel should be configurable

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Radius
Version:	UCS@school 4.1 R2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.2 v3
Assigned To:	Sönke Schwardt-Krummrich
QA Contact:	Florian Best

URL:
Keywords:

Depends on:	43421
Blocks:
	Show dependency tree / graph

Reported:	2017-06-30 18:02 CEST by Sönke Schwardt-Krummrich
Modified:	2017-09-12 13:17 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017053121000228
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2017-06-30 18:02:17 CEST

Change has also to be ported to UCS@school 4.2

+++ This bug was initially created as a clone of Bug #43421 +++

In file /etc/freeradius/eap.conf there is an option called copy_request_to_tunnel which is disabled by default.  It would be handy to be able to enable this option because it makes advance scenarios possible.  For example, it can be used to determine the VLAN a user should use depending on the ESSID (Called-Station-Id).

If copy_request_to_tunnel is not set, parameters like Called-Station-Id are not available within the tunnel.

Comment 1 Sönke Schwardt-Krummrich

2017-08-24 21:27:51 CEST

2 new UCR variables have been added
- freeradius/conf/auth-type/peap/copy_request_to_tunnel
- freeradius/conf/auth-type/ttls/copy_request_to_tunnel
that may be used to enable/disable copy_request_to_tunnel in ttls/peap section.
The variables should be set with a boolean value ("1", "yes", "no", ...)

Patches have been ported from UCS@school 4.1R2 to UCS@school 4.2 (unfortunately with bug numbers of 4.1R2):

ucs-school-radius-802.1x (6.0.1-1):
r82471 | Bug #43421: added new UCR variables for copy_request_to_tunnel

Package: ucs-school-radius-802.1x
Version: 6.0.1-1A~4.2.0.201708242117
Branch: ucs_4.2-0
Scope: ucs-school-4.2

Comment 2 Sönke Schwardt-Krummrich

2017-08-30 17:04:53 CEST

Tested with:
# cp /etc/freeradius/eap.conf /etc/freeradius/eap.conf.copy1
# ucr set freeradius/conf/auth-type/peap/copy_request_to_tunnel=yes
# diff -u /etc/freeradius/eap.conf.copy1 /etc/freeradius/eap.conf
and so on

Comment 3 Florian Best

2017-08-31 10:51:44 CEST

OK: UCR variables are working
~OK: the variables don't have a description. But all other variables are missing one, too.
OK: YAML

Comment 4 Sönke Schwardt-Krummrich

2017-09-12 13:17:18 CEST

UCS@school 4.2 v3 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.2v3-de.html

If this error occurs again, please clone this bug.