Thanks for the help guys, but I don't think that's going to work for me. I was doing some testing today and it doesn't seem like I can add a filter-id to the access-accept packet from the post-auth function. Our switches require that to set the policy. Am I missing something here?
----- Original Message ----- From: [EMAIL PROTECTED] Sent: Fri, 8/22/2008 3:10am To: FreeRadius users mailing list <[email protected]> Subject: Re: NAS-IP-Address, rlm_perl, and loopback Hi, > Which explains what's going on. PEAP is really two things: an outer > TLS session, and inner EAP-MSCHAPv2 authentication. So there are *two* > streams of RADIUS packets. One that sets up the tunnel, and one that > does the authentication inside of the tunnel. yep - so if you only want to define a policy after successful authentication, you only call the 'perl' routine in the post-auth section - therefore it doesnt get called all the time. As Alan pointed out. You should also ensure that , if this is the case, you only have the post-auth function defined in the perl module and in the perl code. no need to have any other functions enabled. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
