terminating EAP tunnels, proxy and realms
Alan DeKok
aland at deployingradius.com
Mon Jun 25 17:17:57 CEST 2007
Arran Cudbard-Bell wrote:
>> I'm not sure why that matters. the *NAS* sets User-Name in the
>> Access-Request. The proxying server doesn't have to do anything.
>
> Well it needs to be able to read an identity of *some* kind, else how
> would it know where to proxy the packets to .
The NAS doesn't proxy the packets by user name. It just sends them to
the locally configured RADIUS server. The NAS doesn't really set the
user name, either. It just copies it from the EAP packet sent by the
supplicant.
> Yes but it still needs to grab various attributes from the SQL database,
> and I thought a different query was run for post-auth ... as in the one
> that logs reply packets ;) ?
Hmm... that may need fixing.
Alan DeKok.
More information about the Freeradius-Users
mailing list