Hi, > Hi all, > > Is it possible to use anonymous outer identities with dynamic VLANing? > > We have a problem with reauths when using anonymous outers, the initial > login is fine and the VLAN is assigned using sql.authorize, but re-auths > only seem to use the outer identity and hence no VLAN information is > sent back in the access-accept packet. > > On a reauth, the only mention I see of the real username is... > > [peap] Adding cached attributes to the reply: > User-Name = "test-user" > [eap] Freeing handler > ++[eap] returns ok > Login OK: [[email protected]] (from client wism port 29 cli > 00-26-69-04-a7-f7) > > Is it possible to capture this brief appearance of the real username to > run the sql.authorize to get the correct VLAN info? > Fast re-auth is disabled in experimental.conf (FR 2.1.7)
if you are doing the authorise in the main virtual server after the inner-tunnel has done its business, then you must copy the User-Name to an internal attribute that can be used in the post-auth section (for example) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
