terminating EAP tunnels, proxy and realms

Alan DeKok aland at deployingradius.com
Mon Jun 25 17:17:57 CEST 2007


Arran Cudbard-Bell wrote:
>>   I'm not sure why that matters.  the *NAS* sets User-Name in the
>> Access-Request.  The proxying server doesn't have to do anything.
> 
> Well it needs to be able to read an identity of *some* kind, else how 
> would it know where to proxy the packets to .

  The NAS doesn't proxy the packets by user name.  It just sends them to
the locally configured RADIUS server.  The NAS doesn't really set the
user name, either.  It just copies it from the EAP packet sent by the
supplicant.

> Yes but it still needs to grab various attributes from the SQL database, 
> and I thought a different query was run for post-auth ... as in the one 
> that logs reply packets ;) ?

  Hmm... that may need fixing.

  Alan DeKok.



More information about the Freeradius-Users mailing list