Hi! After read some of the guides for the EAP/(TLS/TTLS/PEAP) setup i was wondering why major of them indicate put "eap" on the authorize section of radiusd.conf Obiosuly, on the authenticate section "eap" must be set, but, on the authorize section? I have a working installation with EAP/TLS but the authorize sections just points to the mysql server (via the "sql" directive). What specifically do the eap module when its called from the authorize section? I'm asking this because i noted that always accpeted the user, and passed to the authenticate. I'm wrong? confused or simply missed something? The guides show us some "extra" steps that doesn't are necessary? Thks a lot!
Mario Alberto Cruz Gartner <mario.cruz@gmail.com> wrote:
What specifically do the eap module when its called from the authorize section? I'm asking this because i noted that always accpeted the user, and passed to the authenticate.
When it's listed in the "authorize" section, the "eap" module will set "Auth-Type := eap". In the future, it may do more. If you set "Auth-Type := eap" yourself, you may not need "eap" in the "authorize" section. But enough people get it wrong that it's easiest to make the default server configuration a little more complicated, to avoid many, many questions. Alan DeKok.
participants (2)
-
Alan DeKok -
Mario Alberto Cruz Gartner