Setting final response attributes for EAP

Brian Candler B.Candler at pobox.com
Tue Sep 18 15:16:09 CEST 2012


When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600

However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the default config:

        #  The example below uses module failover to avoid querying all
        #  of the following modules if the EAP module returns "ok".
        #  Therefore, your LDAP and/or SQL servers will not be queried
        #  for the many packets that go back and forth to set up TTLS
        #  or PEAP.  The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

What's the recommended solution here? Is it possible to distinguish between
the final EAP accept and the earlier Access-Challenge, so that just the
final response does a database lookup for the required user response
attributes?

Thanks,

Brian.


More information about the Freeradius-Users mailing list