Emmanuel.Billot at ac-orleans-tours.fr
Tue Jun 12 20:11:17 CEST 2012
On 12/06/12, Alan DeKok <aland at deployingradius.com> wrote:
> Emmanuel BILLOT wrote:
> > Could you explain what is the difference between the default file and
> > the inner-tunnel file in /etc/raddb/site-enabled ?
> This is documented in the comments at the top of the files.
> The "default" virtual server handles normal RADIUS traffic. However,
> some EAP types set up a TLS tunnel between the PC and the RADIUS server.
> The data *inside* of the TLS tunnel has to be authenticated.
> So... it's run through the "inner-tunnel" virtual server.
OK, that's what I read from you in another post.
> > When running in debug mode, i see sometimes
> > # Executing section authorize from file /etc/raddb/sites-enabled/default
> > and
> > sometimes
> > # Executing section authorize from file
> > /etc/raddb/sites-enabled/inner-tunnel
> Not "sometimes". That is a very bad way to think about it. The debug
> log shows *exactly* what the server is doing. Read it slowly, it will
> make sense.
Sorry, I didn't use the correct words. I tried to follow each line in a radiusd -X output.
It begins with a complete request, and the authorize section.
Parsing each authorize mechanism, only eap doesn't return "noops".
A first question: the default file says
EAP request comes with an EAP message and is thus captured by the eap authorize section, right?
It returns an update of the original request with Auth-Type = EAP
I can't understand why there is then a second authorize check.
> > Is there any docs about the complete processing of EAP authentication ?
> Alan DeKok.
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57
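
Added example, not part of the original message or of FreeRADIUS: a small Python reader for radiusd -X output that records which virtual server ran each section, which makes the second authorize pass through inner-tunnel visible. The log lines are constructed; only the "# Executing section ..." format comes from the post, and the "++[module] returns code" line format is an assumption.

```python
import re

# Constructed sample in the style of `radiusd -X` output (not a real capture).
# The "++[module] returns code" lines are an assumed format.
SAMPLE_DEBUG = """\
# Executing section authorize from file /etc/raddb/sites-enabled/default
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[eap] returns updated
++[files] returns noop
# Executing section authenticate from file /etc/raddb/sites-enabled/default
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
++[chap] returns noop
++[files] returns ok
++[pap] returns updated
"""

SECTION_RE = re.compile(r"^# Executing section (\S+) from file (\S+)$")
MODULE_RE = re.compile(r"^\++\[(\S+?)\] returns (\S+)$")


def summarize(debug_text):
    """Return one record per executed section, in log order.

    Each record names the section, the virtual server (file name under
    sites-enabled) and the modules that returned something other than noop.
    """
    passes = []
    for raw in debug_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            server = section.group(2).rsplit("/", 1)[-1]
            passes.append({"section": section.group(1),
                           "server": server, "acted": []})
            continue
        module = MODULE_RE.match(line)
        # Module results before any section header cannot be attributed.
        if module and passes and module.group(2) != "noop":
            passes[-1]["acted"].append((module.group(1), module.group(2)))
    return passes


if __name__ == "__main__":
    for p in summarize(SAMPLE_DEBUG):
        print(f'{p["server"]:13} {p["section"]:13} {p["acted"]}')
```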