Hi,

> In order to also return e.g. VLAN IDs (that could be computed from the
> inner User-Name in a non-session-resumption enabled config), I can move
> the config that sets the VLAN to the outer tunnel post-auth && ensure the
> inner tunnel sets:
>   reply:outer User-Name to request:inner User-Name
> and then key my VLAN computation (in outer post-auth) from reply:User-Name.
>
> I can see other possibilities to do this (e.g. cache
> Tunnel-Private-Group-Id in the TLS session cache), but the above seems ok
> to me. Can anyone on the list spot any problems, something that I've
> missed / gotchas with the above?

this is a fine idea - you only need to hit the handling logic post-auth (after the basic accept/reject has been done). just ensure that you don't pass this inner-id stuff back to remote proxies.

alan
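
A sketch of the layout discussed in this thread, added here as an example and not taken from either poster's configuration. It assumes FreeRADIUS 3.x unlang syntax, virtual servers named `default` and `inner-tunnel`, a hypothetical client shortname `remote-proxy` for requests arriving from a remote proxy, and a constructed realm-to-VLAN mapping; stripping User-Name is one reading of "inner-id stuff".

```unlang
# Inner tunnel: copy the inner identity into the OUTER reply so the
# outer post-auth section can key on it.
server inner-tunnel {
	post-auth {
		update outer.reply {
			User-Name := &request:User-Name
		}
	}
}

# Outer tunnel: runs after the accept/reject decision has been made.
server default {
	post-auth {
		# "remote-proxy" is a hypothetical client shortname; match
		# whatever identifies your upstream proxies in clients.conf.
		if ("%{client:shortname}" == "remote-proxy") {
			# Do not leak the inner identity to the remote proxy.
			update reply {
				User-Name !* ANY
			}
		}
		else {
			# Constructed mapping: realm in reply:User-Name -> VLAN ID.
			if (&reply:User-Name =~ /@staff\.example\.org$/) {
				update reply {
					Tunnel-Type := VLAN
					Tunnel-Medium-Type := IEEE-802
					Tunnel-Private-Group-Id := "100"
				}
			}
			elsif (&reply:User-Name =~ /@guest\.example\.org$/) {
				update reply {
					Tunnel-Type := VLAN
					Tunnel-Medium-Type := IEEE-802
					Tunnel-Private-Group-Id := "200"
				}
			}
		}
	}
}
```

Running the server with `radiusd -X` against a test client shows whether reply:User-Name is populated before the VLAN branch and whether it is absent from replies sent to the proxy client.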

