Dynamic VLANing and anonymous identity on re-auth?


by Palmer J.D.F.

Hi all,

Is it possible to use anonymous outer identities with dynamic VLANing?

We have a problem with reauths when using anonymous outers, the initial
login is fine and the VLAN is assigned using sql.authorize, but re-auths
only seem to use the outer identity and hence no VLAN information is
sent back in the access-accept packet.

On a reauth, the only mention I see of the real username is...

[peap] Adding cached attributes to the reply:
        User-Name = "test-user"
[eap] Freeing handler
++[eap] returns ok
Login OK: [anonymous@...] (from client wism port 29 cli
00-26-69-04-a7-f7)

Is it possible to capture this brief appearance of the real username to
run the sql.authorize to get the correct VLAN info?
Fast re-auth is disabled in experimental.conf (FR 2.1.7)

Many thanks,
Jezz Palmer.


-------------------------------------
Jezz Palmer
Library & Information Services
Swansea University
Singleton Park
Swansea
SA2 8PP
-------------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dynamic VLANing and anonymous identity on re-auth?

by Alan Buxey

Hi,

> Hi all,
>
> Is it possible to use anonymous outer identities with dynamic VLANing?
>
> We have a problem with reauths when using anonymous outers, the initial
> login is fine and the VLAN is assigned using sql.authorize, but re-auths
> only seem to use the outer identity and hence no VLAN information is
> sent back in the access-accept packet.
>
> On a reauth, the only mention I see of the real username is...
>
> [peap] Adding cached attributes to the reply:
>         User-Name = "test-user"
> [eap] Freeing handler
> ++[eap] returns ok
> Login OK: [anonymous@...] (from client wism port 29 cli
> 00-26-69-04-a7-f7)
>
> Is it possible to capture this brief appearance of the real username to
> run the sql.authorize to get the correct VLAN info?
> Fast re-auth is disabled in experimental.conf (FR 2.1.7)

if you are doing the authorise in the main virtual server after the
inner-tunnel has done its business, then you must copy the User-Name
to an internal attribute that can be used in the post-auth section
(for example)

alan

RE: Dynamic VLANing and anonymous identity on re-auth?

by Palmer J.D.F.

> if you are doing the authorise in the main virtual server after the
> inner-tunnel has done its business, then you must copy the User-Name
> to an internal attribute that can be used in the post-auth section
> (for example)

Does the inner-tunnel get called on a re-auth? As said the only time I
see the real username on a re-auth is when it appears to be produced
from the cache.

> [peap] Adding cached attributes to the reply:
>         User-Name = "test-user"

At what point can I copy it?
 
I have sql.authorize sections in post-auth on both the inner and default
sections, I've tried putting them all over the place. :-D

Cheers,
Jezz.
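
Added example, not part of the original thread and not FreeRADIUS project code: one way to apply the suggestion above on a re-auth, by copying the cached reply:User-Name seen in the debug output into an internal request attribute in the outer server's post-auth before the SQL lookup. The choice of Stripped-User-Name as the carrier and the sql_user_name setting shown in the comment are assumptions about the local configuration.

```unlang
# Outer ("default") virtual server, FreeRADIUS 2.x unlang.
post-auth {
	# The debug output quoted in the thread shows the real identity on
	# a re-auth only as the cached reply:User-Name. Copy it into an
	# internal request attribute so later modules can key on it.
	if (reply:User-Name) {
		update request {
			Stripped-User-Name := "%{reply:User-Name}"
		}
	}

	# Assumption: the sql module's sql_user_name expansion prefers
	# Stripped-User-Name over the outer User-Name, for example
	#   sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
	# so this lookup runs for the real user, not anonymous@...
	sql.authorize
}
```

Running the server in debug mode and checking that the Access-Accept for a re-auth now carries the VLAN attributes confirms whether the lookup used the copied name.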