Yesterday, I post a question here:
weiwei fang wrote:
> Hello, all!
>
> I want some attributes only sent back to users in Access-Accept packet,
> but won't appear in Access-Challenge packet?
>
> How could I do? Now I just add the attribute in MySQL database, however,
> it is also contained in Access-Challenge packet.
> Read raddb/sites-available/default, and look for "challenge"
> Alan DeKok.
I uncommented the following lines in raddb/sites-available/default:
#
# The older configurations sent a number of attributes in
# Access-Challenge packets, which wasn't strictly correct.
# If you want to filter out these attributes, uncomment
# the following lines.
#
Auth-Type eap {
eap {
handled = 1
}
if (handled && (Response-Packet-Type == Access-Challenge)) {
attr_filter.access_challenge.post-auth
handled
# override the "updated" code from attr_filter
}
}
}
Now I use the EAPMD5 simple example to test it. I add "Framed-MTU = 1500" in
the req.txt and then run:
radeapclient -x localhost auth testing123 <req.txt
As in RFC2865, this attribute "Framed-MTU = 1500" should not returned in the
access-challenge packet.
however, I can still get it in the access-challenge packet. I don't know
why?
If I should add something in the
raddb/sites-available/attrs.access_challenge file?
Thanks a lot for your answer.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
