How to bypass some logic during EAP-TLS auth?
Matthew Newton
mcn at freeradius.org
Sat Nov 2 21:10:35 UTC 2024
On 02/11/2024 21:05, Alexey D. Filimonov wrote:
>
> Currently I have several if()s in authorize{} before eap and I think I
> can not move it past EAP call
>
> But during EAP authentication I see this logic gets executed 8(!) times
> in -X debug session.
>
> Can I wrap those if()s into some rule like "If session is new, then
> execute wrapped logic, else - just bypass wrapped block"?
Use an attribute in the session-state list, which exists over all
packets in the same session. It will be empty in the first request.
authorize {
if (!&session-state:Tmp-Integer-1) {
update session-state {
&Tmp-Integer-1 := 1
}
... stuff only the first time here ...
}
... everything else here ...
}
--
Matthew
More information about the Freeradius-Users
mailing list