post-auth configuration

Alan DeKok aland at
Wed Jun 13 13:35:33 CEST 2018

On Jun 12, 2018, at 5:46 AM, Dom Latter <freeradius-users at> wrote:
> It seems that my update to the outer session state has to be in both the
> main post-auth section and the REJECT subsection.

  Because if you *read the debug output*, the main "post-auth" section is run only for Access-Accept, and the REJECT subsection is run only for Access-Reject.

>  Seems a bit counter-
> intuitive; what I would expect is the main section to apply to both ACCEPTs and REJECTs and then subsections to be applied additionally
> where appropriate.  So just wondering what the rationale is.

  Why would you expect that?

  The server works as documented.  If your expectations are different from that, then they're wrong.

  i.e. READ the comments in the configuration you're editing.  They explain how the server works.  They should correct any misconceptions you have.

  Alan DeKok.

More information about the Freeradius-Users mailing list