post-auth section in FR v2.1.12
Alan DeKok
aland at deployingradius.com
Tue Jun 10 17:58:39 CEST 2014
gabriel_skupien wrote:
> Hence, 3 questions:
> 1) Does FR v2.1.12 support post-auth section?
It should. But you should really also try 2.2.5, as 2.1.12 is four
years out of date.
> 2) Can you explain the aim of "Sending Access-Challenge" ?
That's how the protocol works.
> 2) Where is the best place to authorize users in LDAP while using EAP-TLS?
That depends on what you're doing.
> Is it post-auth?
For you, yes.
> ps. it works fine while authorizing users based on LDAP in the authorize
> section but we prefer to postpone this task to post-auth. In that way we
> can achieve to goals:
> -use ldap group membership for vlan assignments and
> -significantly reduce LDAP load
List "ldap.authorize" in the "post-auth" section.
Alan DeKok.
More information about the Freeradius-Users
mailing list