On 28 Mar 2014, at 19:24, Lovaas,Steven <Steven.Lovaas@ColoState.EDU> wrote:

Arran, I think you're onto a very important point... especially for those of us who benefit from the visual in our learning habits. I personally benefited a lot by drawing out the basics of RADIUS in general and the FreeRADIUS server in particular, so that I could communicate with our network team and get our old servers updated to support the roll-out of eduroam on our campus. Your suggestion of some expansion and graphic help for the overall layout resonates with me... mental models, concept maps, and all that. A picture can help cement the basic landscape, and make more advanced conversations easier to sustain.

I'm in a busy mode and it will take me a while (no promises before summer?), but I'll commit to putting this kind of thing together.




Simple stuff like this is good.

That took about two hours. Even I don't know the intricacies of all the flows within the server.

The dotted lines represent when the request can loop back into a section. As far I can tell 
Authorize and Post-Auth are the only places this can happen.

It happens when the request starts off in one section and then something happens that requires
it to run through a different part of the same section.

For authorize that's setting control:Autz-Type to something, and then the request leaving the 
section. For Post-Auth, it's rejecting the request.

Oddly, if you start off in the main Pre-Proxy-Type section, and set control:Pre-Proxy-Type it doesn't
loop back round into the Pre-Proxy-Type you set, it just carries on and proxies the request.

-Arran

Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2