Peter Kaagman wrote: > After getting (p)eap an mschap working I'm faced with the following > problem: The client gets authenticated through mschap and receives an > Access-Accept but the rlm_perl added pair which where added in request 0 > are not send to the client.
That's how the server works. It doesn't cache attributes across multiple packets. You'll need to set the VLAN in the post-auth section. That's what it's for. Setting VLANs in the authorize section won't work. > I've tried several things to resolve this but with no result. One of > which was running the perl code in a post-auth event. This resulted in > something like 250 requests and the client not connecting., Uh.. it *will* work if you do it correctly. There's no magic. The client doesn't know about post-auth versus authorize. > Two things strike me as odd: > - There is a warning about 2 auth-types - perl and eap Do NOT set "Auth-Type = Perl". Why are you doing that? > - Why does the authorization run first? I would have thought > authentication comes first. The server runs authorize, authenticate, and then post-auth. The reasons are historical. > rlm_perl: Added pair User-Name = host/lt-pkn.atlas.atlascollege.nl > rlm_perl: Added pair EAP-Message = 0x020800061a03 > rlm_perl: Added pair State = 0xed1f2576ec173f556982a467baafe64e > rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1 > rlm_perl: Added pair Auth-Type = Perl Don't set that. > [peap] Got tunneled reply code 2 > MS-MPPE-Encryption-Policy = 0x00000001 > MS-MPPE-Encryption-Types = 0x00000006 > MS-MPPE-Send-Key = 0xa2a8dbf6f2cfb9fdbd0b000663af7c62 > MS-MPPE-Recv-Key = 0x2288dd50426a86ee2dca3737658de57c > EAP-Message = 0x03080004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "host/lt-pkn.atlas.atlascollege.nl" In which you don't set any additional attributes. > Sending Access-Accept of id 209 to 10.0.9.48 port 1645 > MS-MPPE-Recv-Key = > 0x33ecfbf5652ce567309f5f2b1710989bd8c1c1ef2e68386139e7c94f2eb06a75 > MS-MPPE-Send-Key = > 0x5c0639908bded95e2a61821743bf72ea714a6acc829016d7c4ce07edfdba4223 > EAP-Message = 0x03090004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "host/lt-pkn.atlas.atlascollege.nl" And you don't set any additional attributes here. Set the attributes in the post-auth section. It *will* work. If it doesn't, you did something wrong. Show *what* you did, what happened, and what you expected to see. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
