Arran Cudbard-Bell wrote: >> I'm not sure why that matters. the *NAS* sets User-Name in the >> Access-Request. The proxying server doesn't have to do anything. > > Well it needs to be able to read an identity of *some* kind, else how > would it know where to proxy the packets to .
The NAS doesn't proxy the packets by user name. It just sends them to the locally configured RADIUS server. The NAS doesn't really set the user name, either. It just copies it from the EAP packet sent by the supplicant. > Yes but it still needs to grab various attributes from the SQL database, > and I thought a different query was run for post-auth ... as in the one > that logs reply packets ;) ? Hmm... that may need fixing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html