On Sep 13, 2022, at 2:39 PM, Grosjean Cyril <cygrosjean+freeradius@gmail.com> wrote:
On my setup (again, pretty much the same as “google_ldap_auth” site), I validate the cache_auth_accept/reject on the authorize part.
That doesn't work for EAP-GTC.
I’m using the debug_all module to take into advantage all the step, and I can see that it is only on the authenticate part that GTC expand the User-Password part. If I could expand the “User-Password” variable after the “eap” step in authorize, it would make my life easier (and compatible with the “google_ldap_auth” setup)"
— So, I tried your suggestion that I should try the cache in the authenticate part, in the Auth-Type associated. I hope I understand you right.
But again, if I’m right, it seems that cache module isn’t usable in the authenticate part ( https://github.com/FreeRADIUS/freeradius-server/blob/0962a824d7a7bd0c1c8390c... ) Should I modify my Freeradius to being able to use it in the authenticate part ?
No. You can run the "authorize" method of the cache module by doing: cache_auth_accept.authorize Alan DeKok.