post-auth section in FR v2.1.12

gabriel_skupien gabriel_skupien at o2.pl
Tue Jun 10 17:50:17 CEST 2014


I am using EAP-TLS and I am trying to use post-auth section to dynamically
assign (based on the ldap group membership) vlan ID to the user. Leaving
the LDAP part away for testing purposes and concentrating just on the
post-auth section - I cannot make FR to override VLAN ID in post-auth
section. Here is the config:

post-auth {
        update reply {
                Tunnel-Type := VLAN
                Tunnel-Medium-Type := IEEE-802
                Tunnel-Private-Group-Id := "36"
        }
        exec
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}

And nothing happens here:

....
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[reply] returns noop
++[exec] returns noop
Sending Access-Challenge of id 127 to X.X.X.X port 32769
	Tunnel-Private-Group-Id:0 = "36"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	EAP-Message = 0x03040004
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd55884fdd75c9555353e80afe21cb577
Finished request 6.
....
But it finally ends with this:
.....
Sending Access-Accept of id 128 to X.X.X.X port 32769
	Tunnel-Private-Group-Id:0 = "84"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	Cisco-AVPair += "XXX"
	EAP-Message = 0xXXXX
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "XXXX"
Finished request 7.

Hence, 3 questions:
1) Does FR v2.1.12 support post-auth section?
2) Can you explain the aim of "Sending Access-Challenge" ?
2) Where is the best place to authorize users in LDAP while using EAP-TLS?
Is it post-auth?

ps. it works fine while authorizing users based on LDAP in the authorize
section but we prefer to postpone this task to post-auth. In that way we
can achieve to goals:
-use ldap group membership for vlan assignments and
-significantly reduce LDAP load

jinx


More information about the Freeradius-Users mailing list