Access to the attributes lists in different sections
Alan DeKok
aland at deployingradius.com
Fri Apr 27 15:20:01 CEST 2018
On Apr 27, 2018, at 5:54 AM, work vlpl <thework.vlpl at gmail.com> wrote:
> My question is - Is there other way or attribute list, to store some data
> during full radius authentication session (until freeradius send
> Access-Reject reply), to be get able access to stored data from all
> sections (authorize, post-auth, Post-Auth-Type REJECT, pre-proxy,
> post-proxy etc.)?
Use a database.
The session-state list is automatically managed by the server for an authentication session. It's used to store data about that session.
Without session-state, each packet is processed independently of all other packets.
> Or maybe there is a way to configure freeradius to not
> clear session-state list after Access-Reject reply from home server?
The code *should* clear session-state only after running the post-auth section.
I think what's happening is that it's using the outer State attribute inside of the inner tunnel. So when the inner tunnel returns Access-Reject, the session-state is cleared. Which just happens to be the same state as for the outer session.
I think the solution is to just not delete the session state when inside the inner-tunnel. It will be deleted in the outer tunnel anyways, so that should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list