Dynamic VLANing and anonymous identity on re-auth?

Palmer J.D.F. J.D.F.Palmer at swansea.ac.uk
Mon Nov 2 15:21:22 CET 2009


Hi all,

Is it possible to use anonymous outer identities with dynamic VLANing?

We have a problem with reauths when using anonymous outers, the initial
login is fine and the VLAN is assigned using sql.authorize, but re-auths
only seem to use the outer identity and hence no VLAN information is
sent back in the access-accept packet.

On a reauth, the only mention I see of the real username is...

[peap] Adding cached attributes to the reply:
        User-Name = "test-user"
[eap] Freeing handler
++[eap] returns ok
Login OK: [anonymous at swansea.ac.uk] (from client wism port 29 cli
00-26-69-04-a7-f7)

Is it possible to capture this brief appearance of the real username to
run the sql.authorize to get the correct VLAN info?
Fast re-auth is disabled in experimental.conf (FR 2.1.7)

Many thanks,
Jezz Palmer.


-------------------------------------
Jezz Palmer
Library & Information Services
Swansea University
Singleton Park
Swansea
SA2 8PP
-------------------------------------










More information about the Freeradius-Users mailing list