Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.

Alan DeKok aland at deployingradius.com
Tue Sep 9 15:14:02 CEST 2014


Axel Luttgens wrote:
> With proxying turned on, when an "outsider" connects to an AP of ours, the debug log shows:
> 
> 	...
> 	eap: Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.
> 	 [ eap ] = noop
> 	...

  That's expected.

> Conversely, everything in the authorize section that follows:
> 
> 	eap {
> 		ok = return
> 	}
> 
> is executed for each roundtrip between the client and the remote server; in the case of EAP, that may mean a dozen DB queries, a dozen lines logged through a linelog instance, and so on.

  Which is how you configured it.

> Is this the behavior to be expected?

  Yes.  EAP uses multiple packet exchanges.

> (another way to ask: may I assume I didn't err in my config?)

  Put all of the DB lookups into the inner-tunnel virtual server.  If
you need to use non-EAP authentication methods, you can protect them
with an "if" condition:

	if (!EAP-Message) {
		# complex DB stuff here
	}

  Alan DeKok.
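
The layout suggested in the reply above, written out as an added example that is not part of the original message or of the poster's configuration. The module instance names `sql` and `linelog` and the overall server layout are assumptions standing in for the "complex DB stuff"; the condition uses the same syntax as the reply.

```conf
# Added illustration; "sql" and "linelog" are assumed instance names.

# Outer virtual server: processes every packet of every EAP
# conversation, including the ones proxied to SOMEREALM.
server default {
	authorize {
		preprocess
		suffix                  # realm lookup; marks outsiders for proxying

		eap {
			ok = return     # locally handled EAP round trip: stop here
		}
		# For a request that will be proxied, eap returns noop
		# ("Not doing EAP"), so "ok = return" does not fire and
		# everything below runs on each round trip.

		if (!EAP-Message) {
			# Only non-EAP requests reach this block, so the
			# expensive lookups are skipped for every EAP packet,
			# proxied or local.
			sql
			linelog
		}
	}
	# authenticate, pre-proxy, post-proxy, post-auth omitted
}

# Inner virtual server: used only for EAP sessions this server
# terminates itself (the tunnelled part of PEAP/TTLS). Proxied
# requests never enter it, so lookups placed here cost nothing
# for outsiders.
server inner-tunnel {
	authorize {
		sql
		linelog
	}
	# remaining inner-tunnel sections omitted
}
```

Running the server in debug mode and authenticating once as a proxied user should show the `sql` and `linelog` lines absent from the outer `authorize` output for each EAP round trip.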

