From 33ec9e7f1c5b5e1ddb75244650f5c6eaf0124c40 Mon Sep 17 00:00:00 2001
From: Matthew Grotke <mgrotke@gmail.com>
Date: Sat, 6 Jun 2026 14:25:01 -0400
Subject: [PATCH] Development

---
 docker/routlin-dash/app/pages/radius/action.py | 18 +++++++++++++-----
 .../routlin-dash/app/pages/radius/content.json | 18 +++++++++++++-----
 docker/routlin-dash/app/pages/radius/view.py   |  4 ++--
 routlin/mod_radius.py                          | 12 ++++++++----
 4 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/docker/routlin-dash/app/pages/radius/action.py b/docker/routlin-dash/app/pages/radius/action.py
index 2404c88..35438a3 100644
--- a/docker/routlin-dash/app/pages/radius/action.py
+++ b/docker/routlin-dash/app/pages/radius/action.py
@@ -88,12 +88,20 @@ def auth_mode_save():
             after['inner_protocol'] = inner_protocol
         else:
             after.pop('inner_protocol', None)
+        if eap_protocol in ('eap_peap', 'eap_ttls'):
+            after['include_length'] = include_length
+        else:
+            after.pop('include_length', None)
+    elif auth_mode == 'eap_credential':
         after['include_length'] = include_length
-    else:
-        after.pop('eap_protocol',    None)
-        after.pop('tunneled_reply',  None)
-        after.pop('inner_protocol',  None)
-        after.pop('include_length',  None)
+        after.pop('eap_protocol',   None)
+        after.pop('tunneled_reply', None)
+        after.pop('inner_protocol', None)
+    else:  # mab
+        after.pop('eap_protocol',   None)
+        after.pop('tunneled_reply', None)
+        after.pop('inner_protocol', None)
+        after.pop('include_length', None)
     cfg.setdefault('radius', {})['options'] = after
 
     changes = diff_fields(before, after)
diff --git a/docker/routlin-dash/app/pages/radius/content.json b/docker/routlin-dash/app/pages/radius/content.json
index 3d2212d..90a189b 100644
--- a/docker/routlin-dash/app/pages/radius/content.json
+++ b/docker/routlin-dash/app/pages/radius/content.json
@@ -164,7 +164,7 @@
       "items": [
         {
           "type": "p",
-          "text": "Unknown or unregistered devices are assigned to this VLAN. For wired switch ports, also set the fallback network in your managed switch's configuration."
+          "text": "Unknown devices are assigned to this VLAN. For wired switch ports, also set the fallback network in your managed switch's configuration."
         },
         {
           "type": "raw_html",
@@ -267,6 +267,18 @@
               "value": "%RADIUS_TUNNELED_REPLY%",
               "hint": "Copies VLAN and authorization attributes from the inner EAP exchange to the outer RADIUS Access-Accept. Required by some switches for VLAN assignment to work correctly."
             },
+            {
+              "type": "raw_html",
+              "html": "</div>"
+            },
+            {
+              "type": "raw_html",
+              "html": "</div>"
+            },
+            {
+              "type": "raw_html",
+              "html": "<div id=\"eap-include-length-row\">"
+            },
             {
               "type": "field",
               "label": "",
@@ -280,10 +292,6 @@
               "type": "raw_html",
               "html": "</div>"
             },
-            {
-              "type": "raw_html",
-              "html": "</div>"
-            },
             {
               "type": "button_row",
               "items": [
diff --git a/docker/routlin-dash/app/pages/radius/view.py b/docker/routlin-dash/app/pages/radius/view.py
index 55840c7..3d1ead7 100644
--- a/docker/routlin-dash/app/pages/radius/view.py
+++ b/docker/routlin-dash/app/pages/radius/view.py
@@ -104,9 +104,9 @@ def collect_tokens(cfg):
     all_radius_clients = [r for r in cfg.get('dhcp_reservations', []) if r.get('radius_client') is True]
     n = len(all_radius_clients)
     if n > 0:
-        tokens['RADIUS_CLIENT_STATUS_TEXT'] = f"RADIUS will be disabled if there are no RADIUS Clients specified on the DHCP Reservations page. There are currently {n} RADIUS Client{'s' if n != 1 else ''}. RADIUS is enabled."
+        tokens['RADIUS_CLIENT_STATUS_TEXT'] = f"RADIUS will be disabled if there are no RADIUS Clients (authenticators) specified on the DHCP Reservations page. There are currently {n} RADIUS Client{'s' if n != 1 else ''}. RADIUS is enabled."
     else:
-        tokens['RADIUS_CLIENT_STATUS_TEXT'] = "RADIUS will be disabled if there are no RADIUS Clients specified on the DHCP Reservations page. There are currently 0 RADIUS Clients. RADIUS is disabled."
+        tokens['RADIUS_CLIENT_STATUS_TEXT'] = "RADIUS will be disabled if there are no RADIUS Clients (authenticators) specified on the DHCP Reservations page. There are currently 0 RADIUS Clients. RADIUS is disabled."
 
     radius_client_reservations = [
         r for r in all_radius_clients
diff --git a/routlin/mod_radius.py b/routlin/mod_radius.py
index bf5d195..8c794bf 100644
--- a/routlin/mod_radius.py
+++ b/routlin/mod_radius.py
@@ -295,10 +295,14 @@ def set_freeradius_eap(data):
         inner_block = 'peap' if eap_protocol == 'eap_peap' else 'ttls'
         content4 = _patch_setting_in_block(content4, inner_block, 'default_eap_type', inner_protocol)
 
-    if eap_protocol in ('eap_peap', 'eap_ttls'):
-        il_val     = 'yes' if opts.get('include_length', False) else 'no'
-        inner_blk  = 'peap' if eap_protocol == 'eap_peap' else 'ttls'
-        content4   = _patch_setting_in_block(content4, inner_blk, 'include_length', il_val)
+    auth_mode = opts.get('auth_mode', 'mab')
+    if auth_mode == 'eap_credential':
+        il_val   = 'yes' if opts.get('include_length', False) else 'no'
+        content4 = _patch_setting_in_block(content4, 'tls', 'include_length', il_val)
+    elif eap_protocol in ('eap_peap', 'eap_ttls'):
+        il_val    = 'yes' if opts.get('include_length', False) else 'no'
+        inner_blk = 'peap' if eap_protocol == 'eap_peap' else 'ttls'
+        content4  = _patch_setting_in_block(content4, inner_blk, 'include_length', il_val)
 
     if content4 == content:
         return False