Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.
Alan DeKok
aland at deployingradius.com
Tue Sep 9 15:14:02 CEST 2014
Axel Luttgens wrote:
> With proxying turned on, when an "outsider" connects to an AP of ours, the debug log shows:
>
> ...
> eap: Request is supposed to be proxied to Realm SOMEREALM. Not doing EAP.
> [ eap ] = noop
> ...
That's expected.
> Conversely, everything in the authorize section that follows:
>
> eap {
> ok = return
> }
>
> is executed for each roundtrip between the client and the remote server; in the case of EAP, that may mean a dozen of DB queries, a dozen of lines logged thru a linelog instance, and so on.
Which is how you configured it.
> Is this the behavior to be expected?
Yes. EAP uses multiple packet exchanges.
> (another way to ask: may I assume I didn't err in my config?)
Put all of the DB lookups into the inner-tunnel virtual server. If
you need to use non-EAP authentication methods, you can protect them
with an "if" condition:
if (!EAP-Message) {
# complex DB stuff here
}
Alan DeKok.
More information about the Freeradius-Users
mailing list