Alan DeKok wrote:
Arran Cudbard-Bell wrote:
It is , far far far easier to understand, especially when loading the config files... as the text scrolling down the screen actually resembles the config file you've just been editing.
Thanks. That's what the intention was.
Just to clarify with EAP
updated -> I need to do db lookups to get password hashes etc ok -> I'm processing an eap conversation , so don't bother with the other modules. noop -> Theres no eap message so i'm not going to do anything.
Yes. See the comments around "eap" in the "authorize" section of "radiusd.conf" in the latest CVS.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Ok so in a EAP conversation EAP will return updated on the start of the conversation To save establishing the TLS connection for a user which can never be authenticated ? --- On inner encryption start , so the initial challenge if your using mschap/chap. Possibly to calculate the challenge (I don't know the inner workings of mschap). --- When the response from the challenge is recieved. Obviously needed to check the response is correct. --- And then finally, when the user has to be authorised. So you've halved the load on the db for EAP-PEAP :) And now theres no need to mess about with Authz-Types ... So no need to put the original source ip in internally forwarded packets. Ok well, thats fixed just about all the issues I had with freeRADIUS. Hows that book coming ? :) -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900