> > > - each user performing 7 authentications during EAP negotiation > > ummm, why? with correctly configured server and 'protection' of the > authentication > type, you should only hit your authentication server just once inside the > EAP tunnel when the identity is set/known. >
I'm not across the details - it was another person working on this who couldn't get the result we needed. We also tried moving rlm_sql from "authorize" to "postauth", but that didn't work because (as far as we could see) rlm_sql didn't have an option for setting reply attributes during "postauth". We have now worked around our 7x EAP problem by using a module configuration that allows us to place all our processing into "postauth". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html