29 Jan
2012
29 Jan
'12
10 p.m.
- each user performing 7 authentications during EAP negotiation
ummm, why? with correctly configured server and 'protection' of the authentication type, you should only hit your authentication server just once inside the EAP tunnel when the identity is set/known.
I'm not across the details - it was another person working on this who couldn't get the result we needed. We also tried moving rlm_sql from "authorize" to "postauth", but that didn't work because (as far as we could see) rlm_sql didn't have an option for setting reply attributes during "postauth". We have now worked around our 7x EAP problem by using a module configuration that allows us to place all our processing into "postauth".