user(name) and EAP-TLS

Klaus Klein k.klein at
Sat Aug 4 17:27:59 CEST 2012

Sorry, I just reread your email.

Am 04.08.2012 12:57, schrieb Matthew Newton:
>   a) move files above eap in sites-enabled/default. This will mean
>   that the eap short-circuit won't skip files.
I don't think that files is skipped after EAP-TLS authorization.

If the User-Name, which is provided through the identifier setting in wpa_supplicant, exists in users then, even after EAP-TLS authorization, the according check attributes (e.g. Login-Time) are compared and the reply attributes (e.g. Session-Timeout) are added into the reply item list.

>   It will also mean
>   that you hit files a lot more than before, which will have a
>   performance impact (the scale of which depends on the number of
>   auths, of course).
If my observation is right then files is hit for every authorization and modifying the sequence will therefore not change the impact on files.


More information about the Freeradius-Users mailing list