10 Jun
2014
10 Jun
'14
11:58 a.m.
gabriel_skupien wrote:
Hence, 3 questions: 1) Does FR v2.1.12 support post-auth section?
It should. But you should really also try 2.2.5, as 2.1.12 is four years out of date.
2) Can you explain the aim of "Sending Access-Challenge" ?
That's how the protocol works.
2) Where is the best place to authorize users in LDAP while using EAP-TLS?
That depends on what you're doing.
Is it post-auth?
For you, yes.
ps. it works fine while authorizing users based on LDAP in the authorize section but we prefer to postpone this task to post-auth. In that way we can achieve to goals: -use ldap group membership for vlan assignments and -significantly reduce LDAP load
List "ldap.authorize" in the "post-auth" section. Alan DeKok.