Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue Sep 9 20:00:50 CEST 2014
Hi,
> With proxying turned on, when an "outsider" connects to an AP of ours, the debug log shows:
>
> ...
> eap: Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.
> [ eap ] = noop
> ...
normal
> Conversely, everything in the authorize section that follows:
>
> eap {
> ok = return
> }
>
> is executed for each roundtrip between the client and the remote server; in the case of EAP, that may mean a dozen of DB queries, a dozen of lines logged thru a linelog instance, and so on.
correct...as its not part of an EAP conversation....so it will get hit. the question is whether
you want or need it to be hit...especially for 'outsiders'. if using EAP, then the outerID is rubbish
really - put all the exotic stuff in your inner-tunnel (so 'outsiders' dont hit it....and if you need
some other stuff in the default 'authorize' section then use unlang eg
if("%{User-Name}" ~= /@realm/ ) {
ldap
}
sort of thing
alan
More information about the Freeradius-Users
mailing list