Big "VSA + Proxy" problem
Alan Dekok
aland at deployingradius.com
Sun Jun 10 15:49:04 CEST 2007
Guilherme Franco wrote:
> With proxy configured, the user gets authenticated by bar.com but the
> VSA is not sent to bar.com (no traces of it in pre_proxy logs nor in
> radiusd -X debugs).
The debug logs will still tell you what modules are being executed,
and when. That will give information as to *why* it's not being added.
> Question: if that issue gets fixed and the VSA goes to bar.com, is
> there any way to bar.com return that same VSA untouched (considering
> that bar.com doesn't knows a thing about that VSA, i.e: it doesn't has
> any VSA info on it's database)? In fact, I don't need to send that VSA
> to bar.com, I just need to send it directly to my router(just like in
> the unproxied realm) but the proxy feature doesn't allow that.
This is what the post-auth section is for: adding attributes to
packets after a user has been authenticated.
This will be better supported in 2.0.0.
Alan DeKok.
More information about the Freeradius-Users
mailing list