attribute assignment in post-auth?

Phil Mayers p.mayers at imperial.ac.uk
Thu Dec 13 19:45:34 CET 2007


Norbert Wegener wrote:
> With 1.1.7 I want to add  attributes to an eap authenticated client.
> The rules for applying vlan are somewhat unusual, that I decided to use 
> mysql and stored procedures to determine the values that have to be 
> applied.
> When I call the corresponding sql module from the authorize section, I 
> run into the problem described at:
> https://lists.freeradius.org/pipermail/freeradius-users/2007-September/066381.html 
> 
> to which Alan already answered:
> 
>  > Ideally, the attributes in the reply should be sent ONLY on
> 
>> Access-Accept.  i.e. the configuration should NOT update the reply until
>> it has determined that the user has been authenticated.
> 
>>  This involves moving most of the policy from the "authorize" section
>> to the "post-auth" section.

You can't currently do that. The post-auth handler does not expect the 
query to return rows.





More information about the Freeradius-Users mailing list