Inner tunnel post auth question

Phil Mayers p.mayers at imperial.ac.uk
Fri May 10 15:11:15 CEST 2013


On 10/05/13 13:53, Franks Andy (RLZ) IT Systems Engineer wrote:
> Hi,
>
>    This may have come up before but I can’t find any solutions :
>
> I’m using a NAS which alwaysperformsEAP/MSCHAP2authentication, so I’ve
> stripped the sites-enabled/default right down to pretty much just
> include the eap stuff for authorisation/authentication, and am doing all
> the rest inside the inner tunnel–fine.
>
> When the radius returns an access-accept, it runs the stuff in
> theinner-tunnelpost_auth section ok, and I can record the attributes I
> want to a mysql db, including a custom ldap attribute inserted into a
> control variable.
>
> However it seems that following a reject, the post_auth reject section
> of inner-tunnel isn’t actually used, so it doesn’t record any info about
> the attributes in the sql databaseif I use an sql call.

Correct. This is fixed in 2.x.x head and 3.x

See here:

https://github.com/FreeRADIUS/freeradius-server/commit/860dd99c9d6390686b12f622a87f2f82d84bc867#src/main/auth.c


More information about the Freeradius-Users mailing list