Semantics of radiusd.conf ?
Alan DeKok
aland at nitros9.org
Wed May 3 22:00:55 CEST 2006
"Gabriel L. Somlo" <somlo at cmu.edu> wrote:
> I'm trying to understand the semantics of the radiusd.conf file.
> Specifically, when does a module (not) need to be mentioned in the
> authorize and authenticate sections of the config file ?
It's listed if you want it to be used.
> Removing the eap from 'authorize' prevents the server from
> working correctly (works fine if you leave it in there).
> Why does eap have to be mentioned in 'authorize', if I only
> need it for authentication ?
The idea is to have the server "just figure it out". By listing EAP
in the authorize section, the module will look for EAP in the packet,
and set Auth-Type = EAP when necessary. The same goes for the CHAP
and MS-CHAP modules, too.
If you don't list "eap" in the "authorize" section, you'll have to
set Auth-Type = EAP by hand, which will often be wrong. It's *much*
easier to list it, and let the server figure it out.
Alan DeKok.
More information about the Freeradius-Users
mailing list