Debug output changes
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Thu May 3 15:42:06 CEST 2007
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> It is , far far far easier to understand, especially when loading the
>> config files... as the text scrolling down the screen actually resembles
>> the config file you've just been editing.
>
> Thanks. That's what the intention was.
>
>> Just to clarify with EAP
>>
>> updated -> I need to do db lookups to get password hashes etc
>> ok -> I'm processing an eap conversation , so don't bother with the
>> other modules.
>> noop -> Theres no eap message so i'm not going to do anything.
>
> Yes. See the comments around "eap" in the "authorize" section of
> "radiusd.conf" in the latest CVS.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Ok so in a EAP conversation
EAP will return updated on the start of the conversation
To save establishing the TLS connection for a user which can never be
authenticated ?
---
On inner encryption start , so the initial challenge if your using
mschap/chap.
Possibly to calculate the challenge (I don't know the inner workings of
mschap).
---
When the response from the challenge is recieved.
Obviously needed to check the response is correct.
---
And then finally, when the user has to be authorised.
So you've halved the load on the db for EAP-PEAP :)
And now theres no need to mess about with Authz-Types ...
So no need to put the original source ip in internally forwarded packets.
Ok well, thats fixed just about all the issues I had with freeRADIUS.
Hows that book coming ? :)
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
More information about the Freeradius-Devel
mailing list