How to write log only once in Post-Auth-Type REJECT section of EAP module?

Alan DeKok aland at
Mon Jan 29 19:34:45 UTC 2024

On Jan 29, 2024, at 8:29 AM, 남혁준 <sawd1598 at> wrote:
> During the testing process, methods that seem likely to be usable are
> identified and added.
> However, this seems to ignore the warning(?) written in the comment. Is
> this the correct way?

  If it works, it's fine.

> I don't know if you are saying that you can't use session-state or that you
> shouldn't use it.

   It is saying that the session-state attributes don't exist there.

> I tried configuring it so that if the content copied from "INNER-EAP" to
> the following command exists, it is not executed.

  Why not just have the inner server do:

Post-Auth-Type REJECT {
	update outer.session-state {
		 &Module-Failure-Message += &request:Module-Failure-Message

  That should be fine.

  Alan DeKok.

More information about the Freeradius-Users mailing list