Document how to filter access-challenges

author Alan T. DeKok <aland@freeradius.org>

Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)
author Alan T. DeKok <aland@freeradius.org>
Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)
diff --git a/raddb/sites-available/default b/raddb/sites-available/default

index 4e46a2b..fd98790 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -287,6 +287,22 @@ authenticate {
         #
         #  Allow EAP authentication.
         eap
+
+       #
+       #  The older configurations sent a number of attributes in
+       #  Access-Challenge packets, which wasn't strictly correct.
+       #  If you want to filter out these attributes, uncomment
+       #  the following lines.
+       #
+#      Auth-Type eap {
+#              eap {
+#                      handled = 1  
+#              }
+#              if (handled && (Response-Packet-Type == Access-Challenge)) {
+#                      attr_filter.access_challenge.post-auth
+#                      handled  # override the "updated" code from attr_filter
+               }
+#      }
  }
author	Alan T. DeKok <aland@freeradius.org>
	Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 15 Jun 2009 08:48:51 +0000 (10:48 +0200)