Hi,
With proxying turned on, when an "outsider" connects to an AP of ours, the debug log shows:
... eap: Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP. [ eap ] = noop ...
normal
Conversely, everything in the authorize section that follows:
eap { ok = return }
is executed for each roundtrip between the client and the remote server; in the case of EAP, that may mean a dozen of DB queries, a dozen of lines logged thru a linelog instance, and so on.
correct...as its not part of an EAP conversation....so it will get hit. the question is whether you want or need it to be hit...especially for 'outsiders'. if using EAP, then the outerID is rubbish really - put all the exotic stuff in your inner-tunnel (so 'outsiders' dont hit it....and if you need some other stuff in the default 'authorize' section then use unlang eg if("%{User-Name}" ~= /@realm/ ) { ldap } sort of thing alan