EAP-GTC and cache_auth
Alan DeKok
aland at deployingradius.com
Tue Sep 13 18:56:55 UTC 2022
On Sep 13, 2022, at 2:39 PM, Grosjean Cyril <cygrosjean+freeradius at gmail.com> wrote:
> On my setup (again, pretty much the same as “google_ldap_auth” site), I
> validate the cache_auth_accept/reject on the authorize part.
That doesn't work for EAP-GTC.
> I’m using the debug_all module to take into advantage all the step, and I
> can see that it is only on the authenticate part that GTC expand the
> User-Password part.
> If I could expand the “User-Password” variable after the “eap” step in
> authorize, it would make my life easier (and compatible with the
> “google_ldap_auth” setup)"
>
> —
> So, I tried your suggestion that I should try the cache in the authenticate
> part, in the Auth-Type associated. I hope I understand you right.
>
> But again, if I’m right, it seems that cache module isn’t usable in the
> authenticate part (
> https://github.com/FreeRADIUS/freeradius-server/blob/0962a824d7a7bd0c1c8390cab2564b0933a088d8/src/modules/rlm_cache/rlm_cache.c#L830
> )
> Should I modify my Freeradius to being able to use it in the authenticate
> part ?
No. You can run the "authorize" method of the cache module by doing:
cache_auth_accept.authorize
Alan DeKok.
More information about the Freeradius-Users
mailing list