Setting up EAP-TLS as the ONLY authentication mechanism?

Thomas Hruska thruska at
Sun Mar 24 15:34:53 CET 2013

On 3/24/2013 5:59 AM, Alan DeKok wrote:
> Thomas Hruska wrote:
>> Nowhere in there does it explain why proxying is on by default.  It just
>> says that it can be turned off.  I want to know why it is on by default
>> in the first place.  From what I'm beginning to understand, based on
>> your reply, FreeRADIUS opens a port that isn't necessary for basic
>> functionality as part of its default installation.  That sort of
>> behavior should at least raise an eyebrow if not a few red flags.
>    You're unhappy that your questions got push-back.  So you're pushing
> back in return.  However... you know little or nothing about RADIUS, and
> I've been doing this for 20 years.

>    And after doing this for 20 years, your message is typical of a
> particular class of newbie.  The existing documentation is too
> complicated.  Yet you don't ask a specific question.  Instead, you have
> a long complicated post complaining about many things, and asking many
> questions.  When I point this out, you start putting me down.
>    I've had hundreds of conversations like this, and it's always annoying.
>    Your entire approach is wrong.  Read "man radiusd".  That documents
> the correct approach.

The difference from your response to Arran's response to my questions is 
night and day.  He was moderately polite while you were and are 
downright rude.  I've met grizzled veteran developers before.  You are 
one of those.  As a developer myself, I know I've got two options:

1)  Fend off the newbies constantly.
2)  Write better documentation.  With a dash of humor in the mix.  If it 
isn't fun, then it isn't worth reading (or writing) it.

I've found that the latter creates a MUCH better experience for everyone 
(i.e. the "nuisances" go away - hey, I've been where you are at as 
well).  I've also found that *I* have to actually write the 
documentation because no one else will do it for me (e.g. Wikis don't 
really work for software).  And it isn't a FAQ, it is real documentation 
naturally covering a wide range of common (and even uncommon) topics.  I 
always include a documentation cycle in my software releases - and it 
takes about a week to two weeks to complete, but it is so worth it. 
Whenever a user asks a question, I check the documentation to make sure 
I wrote something about it, write a quick paragraph in a polite 
response, and link to the right place, knowing someone else will find 
the post + reply via a Google search later and won't ask the same 
question as a result.  That's the other key factor - making sure stuff 
can be found via Google as a top result on the official site.  Google is 
your first line of defense against newbies and, when you host the 
content yourself, you control that line of defense.

On a different note, I've also found that telling people how long I've 
been writing software does nothing beneficial.  You just get into a 
yelling match with those who have been writing software longer.

Anyway, just a few things I've picked up over the years.

I can tell when I'm not wanted, so I'll just drop off this list.  Later.

>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Thomas Hruska
CubicleSoft President

I've got great, time saving software that you might find useful.

More information about the Freeradius-Users mailing list