Hi,
Hi all,
Is it possible to use anonymous outer identities with dynamic VLANing?
We have a problem with reauths when using anonymous outers, the initial login is fine and the VLAN is assigned using sql.authorize, but re-auths only seem to use the outer identity and hence no VLAN information is sent back in the access-accept packet.
On a reauth, the only mention I see of the real username is...
[peap] Adding cached attributes to the reply: User-Name = "test-user" [eap] Freeing handler ++[eap] returns ok Login OK: [anonymous@swansea.ac.uk] (from client wism port 29 cli 00-26-69-04-a7-f7)
Is it possible to capture this brief appearance of the real username to run the sql.authorize to get the correct VLAN info? Fast re-auth is disabled in experimental.conf (FR 2.1.7)
if you are doing the authorise in the main virtual server after the inner-tunnel has done its business, then you must copy the User-Name to an internal attribute that can be used in the post-auth section (for example) alan