On 28 Mar 2014, at 19:24, Lovaas,Steven <Steven.Lovaas@ColoState.EDU> wrote:
Arran, I think you're onto a very important point... especially for those of us who benefit from the visual in our learning habits. I personally benefited a lot by drawing out the basics of RADIUS in general and the FreeRADIUS server in particular, so that I could communicate with our network team and get our old servers updated to support the roll-out of eduroam on our campus. Your suggestion of some expansion and graphic help for the overall layout resonates with me... mental models, concept maps, and all that. A picture can help cement the basic landscape, and make more advanced conversations easier to sustain.
I'm in a busy mode and it will take me a while (no promises before summer?), but I'll commit to putting this kind of thing together.
Simple stuff like this is good. That took about two hours. Even I don't know the intricacies of all the flows within the server. The dotted lines represent when the request can loop back into a section. As far I can tell Authorize and Post-Auth are the only places this can happen. It happens when the request starts off in one section and then something happens that requires it to run through a different part of the same section. For authorize that's setting control:Autz-Type to something, and then the request leaving the section. For Post-Auth, it's rejecting the request. Oddly, if you start off in the main Pre-Proxy-Type section, and set control:Pre-Proxy-Type it doesn't loop back round into the Pre-Proxy-Type you set, it just carries on and proxies the request. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2