preproxy_users doesn't filter attributes

[Alan DeKok]

Michael da Silva Pereira wrote:
> There is no clear way to separate between which requests (from or to
> home servers/post-proxy or pre-proxy).

  Huh?  What do you mean by that?

  The pre-proxy section is processed before the request is sent to the
home server.  The post-proxy section is processed when the reply is
received from the home server.

  This is documented.

> So I tried this with success:
> 
> Add this to the radiusd.conf, I added this under the "attr_filter {"
> line, which is part of the "Modules" section in the config file.
> attr_filter preproxy_attrfilter {
>                 attrsfile = ${confdir}/preproxy_attrfilter
> }

  There's already a sample pre-proxy configuration for the attrfilter
module.  Why is it necessary to create another one?

> Then under the pre-proxy section before the "files" line add a line
> "preproxy_attrfilter", Or before any custom auth stuff you have in
> there. (example:)
> pre-proxy {
>         preproxy_attrfilter

  There's already a sample pre-proxy configuration for the attrfilter
module in the "pre-proxy" section.  Why is it necessary to create
another one?

> Then add the filters into the file preproxy_attrfilter in
> /etc/freeradius or whatever your config directory is called.

  There's already a file raddb/attrs.preproxy.  Why is it necessary to
create another one?

  Is there something about the existing documentation that isn't sufficient?

  Alan DeKok.