Huckle Berry wrote:
This was beginning to occur to me. Initially I ignored proxy.conf because i figured I would never need to proxy anything, but I now see FR proxies to itself...
It treats the inner tunnel session as a (largely) independent RADIUS request. This makes server design && configuration easier. It also means that FreeRADIUS has capabilities that other RADIUS servers don't have.
OK, I just tested this and it resulted in me DoS myself as the request bounced back and forth between 127.0.0.1 and 192.168.1.3. This happened both with my eap.conf and the default eap.conf. Something about there being 200+ Proxy-State attributes.
So... don't do that. That proxy loop is *not* in the default configuration. It only happens when you try to force proxying for a realm to loop back to the server. Why would this *ever* be a good idea?
2) in users file you include the details for the user 'user' eg
user Cleartext-Password := "password"
I'm using Certificate based authentication, with myself as the CA, so no password should be needed correct? Or is the Password used to sign the cert needed here?
No. You don't need a password. Alan DeKok.