Setting final response attributes for EAP
Brian Candler
B.Candler at pobox.com
Tue Sep 18 15:16:09 CEST 2012
When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600
However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the default config:
# The example below uses module failover to avoid querying all
# of the following modules if the EAP module returns "ok".
# Therefore, your LDAP and/or SQL servers will not be queried
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
eap {
ok = return
}
What's the recommended solution here? Is it possible to distinguish between
the final EAP accept and the earlier Access-Challenge, so that just the
final response does a database lookup for the required user response
attributes?
Thanks,
Brian.
More information about the Freeradius-Users
mailing list