user(name) and EAP-TLS
Klaus Klein
k.klein at gmx.de
Sat Aug 4 17:27:59 CEST 2012
Sorry, I just reread your email.
Am 04.08.2012 12:57, schrieb Matthew Newton:
> a) move files above eap in sites-enabled/default. This will mean
> that the eap short-circuit won't skip files.
I don't think that files is skipped after EAP-TLS authorization.
If the User-Name, which is provided through the identifier setting in wpa_supplicant, exists in users then, even after EAP-TLS authorization, the according check attributes (e.g. Login-Time) are compared and the reply attributes (e.g. Session-Timeout) are added into the reply item list.
> It will also mean
> that you hit files a lot more than before, which will have a
> performance impact (the scale of which depends on the number of
> auths, of course).
If my observation is right then files is hit for every authorization and modifying the sequence will therefore not change the impact on files.
Cheers,
Klaus
More information about the Freeradius-Users
mailing list