On 07/03/11 10:10, paul smith wrote:
Is there some way I can tell the server not to run things in the
default post-auth, if the request has been through the inner-tunnel?
I'm thinking putting something like the following in the default
post-auth section
if (!proxy-reply:Packet-Type == "Access-Accept") {
radius-user-auth
}
How about:
post-auth {
if (!EAP-Message) {
...the exec module
}
}
However this always evaluates as true, even though I can see the
inner-tunnel authenticating successfully.
Inner tunnel is not proxying, so proxy-reply is always empty, hence
evaluates to "true". Don't confusing proxying with EAP phases.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html