25 Nov
2011
25 Nov
'11
10:49 a.m.
On 25/11/11 13:59, Edgar Fuß wrote:
Seems that I'm slowly getting it.
To authorize subscriber you should make a decision based on both subscriber profile and authentication result. This is what post-auth section does. Put your authorization policies in this section. So do I understand this correctly: if I, for example, want to put a client into a VLAN according to the EAP-TLS certificate issuer, the recommended way to to that is to use unlang to check %Client-Cert-Issuer in the post-auth section and use the "update reply" command to set the Tunnel-Private-Group-Id reply attribute? -
Yes, exactly so.