On Fri, Jun 17, 2016 at 06:33:04PM +0000, Rajesh K wrote: > I am using hostapd as a AAA server in my lab. I want to add some additional RADIUS attributes in the RADIUS Access Accept. Can anyone point me on how to do the same? See hostapd/hostapd.eap_user and hostapd/hostapd.conf for documentation.. # Arbitrary RADIUS attributes can be added into Access-Accept packets similarly # to the way radius_auth_req_attr is used for Access-Request packet in # hostapd.conf. For EAP server, this is configured separately for each user # entry with radius_accept_attr=<value> line(s) following the main user entry # line. # Arbitrary RADIUS attributes can be added into Access-Request and # Accounting-Request packets by specifying the contents of the attributes with # the following configuration parameters. There can be multiple of these to # add multiple attributes. These parameters can also be used to override some # of the attributes added automatically by hostapd. # Format: <attr_id>[:<syntax:value>] # attr_id: RADIUS attribute type (e.g., 26 = Vendor-Specific) # syntax: s = string (UTF-8), d = integer, x = octet string # value: attribute value in format indicated by the syntax # If syntax and value parts are omitted, a null value (single 0x00 octet) is # used. # # Additional Access-Request attributes # radius_auth_req_attr=<attr_id>[:<syntax:value>] # Examples: # Operator-Name = "Operator" #radius_auth_req_attr=126:s:Operator # Service-Type = Framed (2) #radius_auth_req_attr=6:d:2 # Connect-Info = "testing" (this overrides the automatically generated value) #radius_auth_req_attr=77:s:testing # Same Connect-Info value set as a hexdump #radius_auth_req_attr=77:x:74657374696e67 In other words, you could use something like this in the eap_user_file to add a VSA: "hs20-deauth-test" TTLS-MSCHAPV2 "password" [2] radius_accept_attr=26:x:00009f680405016400 -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
