EAP processing
Alan DeKok
aland at deployingradius.com
Tue Jun 12 19:33:12 CEST 2012
Emmanuel BILLOT wrote:
> Could you explain what is the difference between the default file and
> the inner-tunnel file in /etc/raddb/site-enabled ?
This is documented in the comments at the top of the files.
The "default" virtual server handles normal RADIUS traffic. However,
some EAP types set up a TLS tunnel between the PC and the RADIUS server.
The data *inside* of the TLS tunnel has to be authenticated.
So... it's run through the "inner-tunnel" virtual server.
> When running in debug mode, i see sometimes
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> and
> sometimes
> # Executing section authorize from file
> /etc/raddb/sites-enabled/inner-tunnel
Not "sometimes". That is a very bad way to think about it. The debug
log shows *exactly* what the server is doing. Read it slowly, it will
make sense.
> Is there any docs about the complete processing of EAP authentication ?
Nope.
Alan DeKok.
More information about the Freeradius-Users
mailing list