post-auth, yes, see the virtual server config below. Remember TEST1 and TEST2 are the same virtual server, just proxying to them via different methods. That's why I was getting confused, They behave differently if you proxy to them in different ways.
my initial thought was your attr_filter wasnt allowing that attribute through from the virtual_server (much like it would strip it out if the domain/realm wasnt allowed - check pre-proxy and post-proxy parts)
No attr filters. Ok I think we're getting somewhere with the pre- and post- proxy parts.
When I tried having the sql methods in there I got the following (Note 2 starts in debug 1 for pre, 1 for post)
Module: Checking pre-proxy {...} for more modules to load /etc/freeradius/sites-enabled/test[59]: "SQL" modules aren't allowed in 'pre-proxy' sections -- they have no such method. /etc/freeradius/sites-enabled/test[58]: Errors parsing pre-proxy section.
Use sql.authorize instead. Ivan Kalik