Le 12/06/12, Alan DeKok <aland@deployingradius.com> a écrit :
Emmanuel BILLOT wrote:
Could you explain what is the difference between the default file and the inner-tunnel file in /etc/raddb/site-enabled ?
This is documented in the comments at the top of the files.
The "default" virtual server handles normal RADIUS traffic. However, some EAP types set up a TLS tunnel between the PC and the RADIUS server. The data *inside* of the TLS tunnel has to be authenticated.
So... it's run through the "inner-tunnel" virtual server.
Hi, Ok that's what i read from you on another post.
When running in debug mode, i see sometimes # Executing section authorize from file /etc/raddb/sites-enabled/default and sometimes # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
Not "sometimes". That is a very bad way to think about it. The debug log shows *exactly* what the server is doing. Read it slowly, it will make sense.
Sorry i didn't use correct words. I tried to follow each line in a radiusd -X output. It begins with a a complete request, and the authorize section. Parsing each authorize mechanism, only eap doesn't return "noops". A first question : the default file says eap { return ok } EAP request comes with EAP message and is so captured by the eap authorize section, right ? It returns an update of the original request with Auth-Type = EAP I can't understand why there is then one second authorize check.
Is there any docs about the complete processing of EAP authentication ?
Nope.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Emmanuel BILLOT CATEL - Dpt. Système et Réseaux Rectorat - Académie d'Orléans-Tours 10, rue Molière - 45000 Orléans Tél : 02 38 79 45 57