attribute assignment in post-auth?
Norbert Wegener
norbert.wegener at siemens.com
Thu Dec 13 19:57:47 CET 2007
Phil Mayers wrote:
> Norbert Wegener wrote:
>> With 1.1.7 I want to add attributes to an eap authenticated client.
>> The rules for applying vlan are somewhat unusual, that I decided to
>> use mysql and stored procedures to determine the values that have to
>> be applied.
>> When I call the corresponding sql module from the authorize section,
>> I run into the problem described at:
>> https://lists.freeradius.org/pipermail/freeradius-users/2007-September/066381.html
>>
>> to which Alan already answered:
>>
>> > Ideally, the attributes in the reply should be sent ONLY on
>>
>>> Access-Accept. i.e. the configuration should NOT update the reply
>>> until
>>> it has determined that the user has been authenticated.
>>
>>> This involves moving most of the policy from the "authorize" section
>>> to the "post-auth" section.
>
> You can't currently do that. The post-auth handler does not expect the
> query to return rows.
Could you suggest a workaround?
Is there code in the cvs which handles this?
Norbert Wegener
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list