From 00780c61363cb7188c77efee583db39c4f4a4dce Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Mon, 15 Jun 2009 10:48:51 +0200
Subject: [PATCH] Document how to filter access-challenges

---
 raddb/sites-available/default | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 4e46a2b..fd98790 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -287,6 +287,22 @@ authenticate {
 	#
 	#  Allow EAP authentication.
 	eap
+
+	#
+	#  The older configurations sent a number of attributes in
+	#  Access-Challenge packets, which wasn't strictly correct.
+	#  If you want to filter out these attributes, uncomment
+	#  the following lines.
+	#
+#	Auth-Type eap {
+#		eap {
+#			handled = 1  
+#		}
+#		if (handled && (Response-Packet-Type == Access-Challenge)) {
+#			attr_filter.access_challenge.post-auth
+#			handled  # override the "updated" code from attr_filter
+		}
+#	}
 }
 
 
-- 
2.1.4