Hi, > In addition, if you're seeing the VSAs in Access-Challenge, it's > most likely because you're returning them in the "authorize" second. > Instead, consider returning them in the "post-auth" section of the > "inner-tunnel" server, combined with the config above.
dont forget RFC 2865 Access-Challenge The Attributes field MAY have one or more Reply-Message Attributes, and MAY have a single State Attribute, or none. Vendor-Specific, Idle-Timeout, Session-Timeout and Proxy-State attributes MAY also be included. No other Attributes defined in this document are permitted in an Access-Challenge. ensure only the right things are in those challenge packets alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
