Open nqb opened 4 years ago
Which type of filter are you talking about?
We already support 'MS-CHAP-V2' as a connection_sub_type would that be enough?
it's just because a confusion, if you check lib/pf/constants/eap_type.pm you can see:
"MS-EAP-Authentication" => 26,
"EAP-MSCHAP-V2" => 29,
"Microsoft-MS-CHAPv2" => 26,
"MS-CHAP-V2" => 26,
26 is what we use but 29 is what we choose.
So what should be done to reduce the confusion?
Do we compare with the number and not the string ? If it's the case then we probably needs to add a new one like "THIS_IS_THE_ONE_TO_USE_IF_YOU_WANT_TO_MATCH_EAP_PEAP_MSCHAPV2"
We compare against the number internally we convert it to a number internally
Is your feature request related to a problem? Please describe. Currently, when you want to match connexions using
EAP-PEAP-MSCHAPv2
, you need to use following filter:connection_sub_type=MS-EAP-Authentication
which is not obvious (as mentioned in #5280). On top of that, if you check RADIUS audit log of your request,EAP Type
is set toMSCHAPv2
Describe the solution you'd like Use a
connection_sub_type
filter that containsMSCHAPv2
pattern to match this type of connection.Describe alternatives you've considered Display the sub type within the node info in the radius auditing log so users can read it and match on it.