Hi, Does setting Service-Type AVP to Authorize-Only in a RADIUS REQUEST make FreeRADIUS do only the authorization part? I am using FreeRADIUS Version 2.1.12. I do not know much about of how freeRADIUS works, but I am looking to get either of these scenarios working - Case 1: authenticate a user (using EAP-SIM) with FreeRADIUS and then, initiate authorization (separately using Service-Type AVP set to Authorize-Only) for the same user with FreeRADIUS Case 2: Configure FreeRadius to Authenticate & Authorize the user in one go; in which case the output of radiusd -X clearly indicates that both Auth & Autz are done. If case 2 happens, how do I distinguish it from an Authentication-Only scenario? Forgive my ignorance, please advise. - AJ
ajay shekhar wrote:
Does setting Service-Type AVP to Authorize-Only in a RADIUS REQUEST make FreeRADIUS do only the authorization part?
No. You still need to set 'Auth-Type := Accept' in order to return an Access-Accept.
I do not know much about of how freeRADIUS works, but I am looking to get either of these scenarios working -
Case 1: authenticate a user (using EAP-SIM) with FreeRADIUS and then, initiate authorization (separately using Service-Type AVP set to Authorize-Only) for the same user with FreeRADIUS
That will work, as described above.
Case 2: Configure FreeRadius to Authenticate & Authorize the user in one go; in which case the output of radiusd -X clearly indicates that both Auth & Autz are done. If case 2 happens, how do I distinguish it from an Authentication-Only scenario?
Because the Access-Request contains an EAP-Message. In the first case (Authorize-Only), it will *not* contain an EAP-Message. As with most things RADIUS, there's no magic. Just look at the packets. They're clearly different. Alan DeKok.
participants (2)
-
ajay shekhar -
Alan DeKok