7 Mar
2011
7 Mar
'11
6:08 a.m.
On 07/03/11 10:10, paul smith wrote:
Is there some way I can tell the server not to run things in the default post-auth, if the request has been through the inner-tunnel?
I'm thinking putting something like the following in the default post-auth section
if (!proxy-reply:Packet-Type == "Access-Accept") { radius-user-auth }
How about: post-auth { if (!EAP-Message) { ...the exec module } }
However this always evaluates as true, even though I can see the inner-tunnel authenticating successfully.
Inner tunnel is not proxying, so proxy-reply is always empty, hence evaluates to "true". Don't confusing proxying with EAP phases.