post-auth section in FR v2.1.12

Alan DeKok aland at
Tue Jun 10 17:58:39 CEST 2014

gabriel_skupien wrote:
> Hence, 3 questions:
> 1) Does FR v2.1.12 support post-auth section?

  It should.  But you should really also try 2.2.5, as 2.1.12 is four
years out of date.

> 2) Can you explain the aim of "Sending Access-Challenge" ?

  That's how the protocol works.

> 2) Where is the best place to authorize users in LDAP while using EAP-TLS?

  That depends on what you're doing.

> Is it post-auth?

  For you, yes.

> ps. it works fine while authorizing users based on LDAP in the authorize
> section but we prefer to postpone this task to post-auth. In that way we
> can achieve to goals:
> -use ldap group membership for vlan assignments and
> -significantly reduce LDAP load

  List "ldap.authorize" in the "post-auth" section.

  Alan DeKok.

More information about the Freeradius-Users mailing list