peap/eap change in 3.0.x with inner_eap_module now required
Alan DeKok
aland at deployingradius.com
Tue Jan 19 21:43:21 CET 2016
On Jan 19, 2016, at 3:39 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
>
> I'm probably fairly unusual in having an eap instantiation (two
> even) that's not called "eap".
>
I've done some more spelunking, and calling the "eap" module is only done when it's proxying the inner-tunnel EAP data. I've pushed fixes which convert the error into a WARNING, which won't break existing configurations.
> TBH I've never quite got my head around why there is e.g.
>
> Auth-Type pap {
> pap
> }
>
> for everything else, and just
>
> eap
>
> for the eap module. I've always guessed that if the correct
> Auth-Type section is set then it uses that section, otherwise it
> just goes an calls all modules not in a named section in order (as
> in authorize) and hopes that something picks it up?
It doesn't make much difference.
Auth-Type pap {
pap
}
is the same as just
pap
BUT using the Auth-Type wrapper lets you put policies into the section:
Auth-Type back_door {
if ((User-Name == "bob") && (User-Password == "bob")) {
accept
}
else {
pap
}
}
:)
Alan DeKok.
More information about the Freeradius-Devel
mailing list