Emmanuel BILLOT wrote:
Could you explain what is the difference between the default file and the inner-tunnel file in /etc/raddb/site-enabled ?
This is documented in the comments at the top of the files. The "default" virtual server handles normal RADIUS traffic. However, some EAP types set up a TLS tunnel between the PC and the RADIUS server. The data *inside* of the TLS tunnel has to be authenticated. So... it's run through the "inner-tunnel" virtual server.
When running in debug mode, i see sometimes # Executing section authorize from file /etc/raddb/sites-enabled/default and sometimes # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
Not "sometimes". That is a very bad way to think about it. The debug log shows *exactly* what the server is doing. Read it slowly, it will make sense.
Is there any docs about the complete processing of EAP authentication ?
Nope. Alan DeKok.