modules in authorize{} and authenticate{} sections
Alan DeKok
aland at deployingradius.com
Tue May 26 08:55:32 CEST 2009
bastardinho69 wrote:
> I have successfully set up FreeRADIUS server to use Active Directory to
> authenticate LAN users.
> My authorize{} and authenticate{} section configuration in radiusd.conf
> file looks like this:
If you're using AD for authentication, those sections do *not* look
like that.
> authorize {
> preprocess
> eap
> mschap
> }
> authenticate {
> Auth-Type MS-CHAP {
> mschap
> }
> eap
> }
>
> As u see, in both sections there is modules eap and mschap mentioned.
> Can anybody tell me why it is so?
Because the server has multiple stages of processing a request. See
doc/aaa.txt.
> Or where to look for the answer? I
> have been checking the logs from running radius in debug mode but i
> cannot find the definite answer, for example, in conversation between
> radius server and supplicant, mschap in authorize section always returns
> noop, so my question is- why it is needed there if it always returns noop?
It's not needed in the "authorize" section if you're only doing EAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list