Dynamic VLANing and anonymous identity on re-auth?
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Nov 2 15:52:41 CET 2009
Hi,
> Hi all,
>
> Is it possible to use anonymous outer identities with dynamic VLANing?
>
> We have a problem with reauths when using anonymous outers, the initial
> login is fine and the VLAN is assigned using sql.authorize, but re-auths
> only seem to use the outer identity and hence no VLAN information is
> sent back in the access-accept packet.
>
> On a reauth, the only mention I see of the real username is...
>
> [peap] Adding cached attributes to the reply:
> User-Name = "test-user"
> [eap] Freeing handler
> ++[eap] returns ok
> Login OK: [anonymous at swansea.ac.uk] (from client wism port 29 cli
> 00-26-69-04-a7-f7)
>
> Is it possible to capture this brief appearance of the real username to
> run the sql.authorize to get the correct VLAN info?
> Fast re-auth is disabled in experimental.conf (FR 2.1.7)
if you are doing the authorise in the main virtual server after the
inner-tunnel has done its business, then you must copy the User-Name
to an internal attribute that can be used in the post-auth section
(for example)
alan
More information about the Freeradius-Users
mailing list