Thanks, Dave
Alan DeKok wrote:
Dave Mason <[EMAIL PROTECTED]> wrote:
For an EAP authentication, the authorize block modcall calls eap_authorize, which returns "updated." However, rlm_sql runs and searches the database for the EAP user, which isnt there. Everything works, but the database hit is unnecessary. Is there something I can do to prevent that?
The database hit is usually necessary, in order to discover what username/password to use. The control flow goes like:
rlm_eap discovers EAP in the request, marks it as "Auth-Type EAP"
rlm_sql discovers user "bob" has password "bob", and adds the password to the config items for the request
rlm_eap authenticates user "bob", using password "bob", to do EAP-MD5, etc.
If you don't need the database hit, see 'doc/configurable_failover'. Have the SQL module run only if EAP returns "noop"
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html