Hi,Emmanuel BILLOT wrote:
> Could you explain what is the difference between the default file and
> the inner-tunnel file in /etc/raddb/site-enabled ?
This is documented in the comments at the top of the files.
The "default" virtual server handles normal RADIUS traffic. However,
some EAP types set up a TLS tunnel between the PC and the RADIUS server.
The data *inside* of the TLS tunnel has to be authenticated.
So... it's run through the "inner-tunnel" virtual server.
Sorry i didn't use correct words. I tried to follow each line in a radiusd -X output.
> When running in debug mode, i see sometimes
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> and
> sometimes
> # Executing section authorize from file
> /etc/raddb/sites-enabled/inner-tunnel
Not "sometimes". That is a very bad way to think about it. The debug
log shows *exactly* what the server is doing. Read it slowly, it will
make sense.
--
> Is there any docs about the complete processing of EAP authentication ?
Nope.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57