Cached attributes

Jonathan Gazeley Jonathan.Gazeley at
Wed Feb 24 15:24:45 CET 2016

On 24/02/16 13:49, A.L.M.Buxey at wrote:
> Hi,
>> 	        update {
>> 	                &outer.session-state: += &reply:
>> 	                &outer.session-state:User-Name = &User-Name
>> 		}
> update outer.session-state {
> 		User-Name = &User-Name
> 		}
> ?
> what does debug show?

With your suggested change, for some reason it does a noop

(8)        update outer.session-state {
(8)          &outer.session-state:User-Name = &User-Name -> 
"iser-linauth at"
(8)        } # update outer.session-state (noop)

The outer User-Name should at this point be anonymous at so I 
would expect this update operation to make a change and set 
&outer.session-state:User-Name to iser-linauth etc.

I'm not sure if I'm tying myself in knots here. Basically, in the past 
we've decided on the user's VLAN in outer post-auth based on their inner 
username, which we access like %{reply:User-Name} with 
use_tunneled_reply=yes. This doesn't work with resumed sessions in FR3 
like it did on FR2 and we haven't been able to figure out why.

We don't want to cache the VLAN number itself, i.e. don't want to make 
the VLAN decision in the inner post-auth but we do want to cache the 
inner User-Name so it can be easily accessed later to do the VLAN 
calculation on resumed sessions.


More information about the Freeradius-Users mailing list