still about how to return some attributes only in Access-Accept packet
weiwei fang
fangvv at gmail.com
Wed May 26 04:32:21 CEST 2010
Yesterday, I post a question here:
weiwei fang wrote:
> Hello, all!
>
> I want some attributes only sent back to users in Access-Accept packet,
> but won't appear in Access-Challenge packet?
>
> How could I do? Now I just add the attribute in MySQL database, however,
> it is also contained in Access-Challenge packet.
> Read raddb/sites-available/default, and look for "challenge"
> Alan DeKok.
I uncommented the following lines in raddb/sites-available/default:
#
# The older configurations sent a number of attributes in
# Access-Challenge packets, which wasn't strictly correct.
# If you want to filter out these attributes, uncomment
# the following lines.
#
Auth-Type eap {
eap {
handled = 1
}
if (handled && (Response-Packet-Type == Access-Challenge)) {
attr_filter.access_challenge.post-auth
handled
# override the "updated" code from attr_filter
}
}
}
Now I use the EAPMD5 simple example to test it. I add "Framed-MTU = 1500" in
the req.txt and then run:
radeapclient -x localhost auth testing123 <req.txt
As in RFC2865, this attribute "Framed-MTU = 1500" should not returned in the
access-challenge packet.
however, I can still get it in the access-challenge packet. I don't know
why?
If I should add something in the
raddb/sites-available/attrs.access_challenge file?
Thanks a lot for your answer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100526/a71de99c/attachment.html>
More information about the Freeradius-Users
mailing list