Dave Mason <[EMAIL PROTECTED]> wrote: > For an EAP authentication, the authorize block modcall calls > eap_authorize, which returns "updated." However, rlm_sql runs and > searches the database for the EAP user, which isnt there. Everything > works, but the database hit is unnecessary. Is there something I can do > to prevent that?
The database hit is usually necessary, in order to discover what username/password to use. The control flow goes like: rlm_eap discovers EAP in the request, marks it as "Auth-Type EAP" rlm_sql discovers user "bob" has password "bob", and adds the password to the config items for the request rlm_eap authenticates user "bob", using password "bob", to do EAP-MD5, etc. If you don't need the database hit, see 'doc/configurable_failover'. Have the SQL module run only if EAP returns "noop" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html