session-state inside Post-Auth-Type REJECT
Hello, I am using 3.0.17 (git #511dfd77d) version. Documentation says what session-state attributes are not available inside Post-Auth-Type REJECT https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/sites-avai... , but in debug log I have access to it. # Executing group from file /usr/local/etc/raddb/sites-enabled/testing-stie (9) Post-Auth-Type REJECT { (9) policy debug_session { (9) if ("%{debug_attr:session-state:}" == '') { (9) Attributes matching "session-state:" (9) &session-state:User-Name := testing_remote (9) EXPAND %{debug_attr:session-state:} (9) --> (9) if ("%{debug_attr:session-state:}" == '') -> TRUE (9) if ("%{debug_attr:session-state:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:session-state:}" == '') = noop (9) } # policy debug_session = noop Is this expected behavior? This is eap request, and I set session state inside inner-tunel like this (7) update outer.session-state { (7) User-Name := &reply:Supplicant-User-Name -> 'testing_remote' (7) } # update outer.session-state = noop -- Vladimir
On Jan 30, 2018, at 3:42 AM, work vlpl <thework.vlpl@gmail.com> wrote:
Documentation says what session-state attributes are not available inside Post-Auth-Type REJECT https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/sites-avai... , but in debug log I have access to it.
It's fine.
Is this expected behaviour?
Yes. The session-state attributes are removed after the Reject is sent. Alan DeKok.
participants (2)
-
Alan DeKok -
work vlpl