On Apr 27, 2018, at 5:54 AM, work vlpl <thework.vlpl@gmail.com> wrote:
My question is - Is there other way or attribute list, to store some data during full radius authentication session (until freeradius send Access-Reject reply), to be get able access to stored data from all sections (authorize, post-auth, Post-Auth-Type REJECT, pre-proxy, post-proxy etc.)?
Use a database. The session-state list is automatically managed by the server for an authentication session. It's used to store data about that session. Without session-state, each packet is processed independently of all other packets.
Or maybe there is a way to configure freeradius to not clear session-state list after Access-Reject reply from home server?
The code *should* clear session-state only after running the post-auth section. I think what's happening is that it's using the outer State attribute inside of the inner tunnel. So when the inner tunnel returns Access-Reject, the session-state is cleared. Which just happens to be the same state as for the outer session. I think the solution is to just not delete the session state when inside the inner-tunnel. It will be deleted in the outer tunnel anyways, so that should work. Alan DeKok.