Huckle Berry wrote: > This was beginning to occur to me. Initially I ignored proxy.conf > because i figured I would never need to proxy anything, but I now see FR > proxies to itself...
It treats the inner tunnel session as a (largely) independent RADIUS request. This makes server design && configuration easier. It also means that FreeRADIUS has capabilities that other RADIUS servers don't have. > OK, I just tested this and it resulted in me DoS myself as the request > bounced back and forth between 127.0.0.1 and 192.168.1.3. This happened > both with my eap.conf and the default eap.conf. Something about there > being 200+ Proxy-State attributes. So... don't do that. That proxy loop is *not* in the default configuration. It only happens when you try to force proxying for a realm to loop back to the server. Why would this *ever* be a good idea? > 2) in users file you include the details for the user 'user' eg > > user Cleartext-Password := "password" > > > I'm using Certificate based authentication, with myself as the CA, so no > password should be needed correct? Or is the Password used to sign the > cert needed here? No. You don't need a password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html