Sven 'Darkman' Michels wrote: >> here we can CLEARLY see that EAP is done before LDAP > > exactly, yeah, but the log says the other way around. I get a ldap > request, which succeeds and after that a tls NACK (due to no cert). > I would expect its the other way around, shouldn't it?
Post the debug log. It lists which modules are being executed, and in what order. EAP uses *many* round trips. So you may be looking at the output from two different packets, and concluding that the processing is in a *different* order than in the config files. Read the debug log. It's *all* there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html