Re: attribute assignment in post-auth?

[Norbert Wegener <norbert.wegener@siemens.com>]

Phil Mayers wrote:
> Norbert Wegener wrote:
> > With 1.1.7 I want to add  attributes to an eap authenticated client.
> > The rules for applying vlan are somewhat unusual, that I decided to 
> > use mysql and stored procedures to determine the values that have to 
> > be applied.
> > When I call the corresponding sql module from the authorize section, 
> > I run into the problem described at:
> > https://lists.freeradius.org/pipermail/freeradius-users/2007-September/066381.html 
> >
> > to which Alan already answered:
> >
> >  > Ideally, the attributes in the reply should be sent ONLY on
> >
> > > Access-Accept.  i.e. the configuration should NOT update the reply 
> > > until
> > > it has determined that the user has been authenticated.
> >
> > >  This involves moving most of the policy from the "authorize" section
> > > to the "post-auth" section.
>
> You can't currently do that. The post-auth handler does not expect the 
> query to return rows.
Could you suggest a workaround?
Is there code in the cvs which handles this?


Norbert Wegener

> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html