On 25/11/11 13:59, Edgar Fuß wrote:
Seems that I'm slowly getting it.
To authorize subscriber you should make a decision based on both
subscriber profile and authentication result. This is what
post-auth section does. Put your authorization policies in this
section.
So do I understand this correctly: if I, for example, want to put a
client into a VLAN according to the EAP-TLS certificate issuer, the
recommended way to to that is to use unlang to check
%Client-Cert-Issuer in the post-auth section and use the "update
reply" command to set the Tunnel-Private-Group-Id reply attribute? -
Yes, exactly so.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
