Guilherme Franco wrote:
With proxy configured, the user gets authenticated by bar.com but the VSA is not sent to bar.com (no traces of it in pre_proxy logs nor in radiusd -X debugs).
The debug logs will still tell you what modules are being executed, and when. That will give information as to *why* it's not being added.
Question: if that issue gets fixed and the VSA goes to bar.com, is there any way to bar.com return that same VSA untouched (considering that bar.com doesn't knows a thing about that VSA, i.e: it doesn't has any VSA info on it's database)? In fact, I don't need to send that VSA to bar.com, I just need to send it directly to my router(just like in the unproxied realm) but the proxy feature doesn't allow that.
This is what the post-auth section is for: adding attributes to packets after a user has been authenticated.
This will be better supported in 2.0.0. Alan DeKok.