Semantics of radiusd.conf ?

Alan DeKok aland at nitros9.org
Wed May 3 22:00:55 CEST 2006


"Gabriel L. Somlo" <somlo at cmu.edu> wrote:
> I'm trying to understand the semantics of the radiusd.conf file.
> Specifically, when does a module (not) need to be mentioned in the
> authorize and authenticate sections of the config file ?

  It's listed if you want it to be used.

> Removing the eap from 'authorize' prevents the server from
> working correctly (works fine if you leave it in there).
> Why does eap have to be mentioned in 'authorize', if I only
> need it for authentication ?

  The idea is to have the server "just figure it out".  By listing EAP
in the authorize section, the module will look for EAP in the packet,
and set Auth-Type = EAP when necessary.  The same goes for the CHAP
and MS-CHAP modules, too.

  If you don't list "eap" in the "authorize" section, you'll have to
set Auth-Type = EAP by hand, which will often be wrong.  It's *much*
easier to list it, and let the server figure it out.

  Alan DeKok.



More information about the Freeradius-Users mailing list