Sorry, I just reread your email. Am 04.08.2012 12:57, schrieb Matthew Newton:
a) move files above eap in sites-enabled/default. This will mean that the eap short-circuit won't skip files.
I don't think that files is skipped after EAP-TLS authorization.
If the User-Name, which is provided through the identifier setting in wpa_supplicant, exists in users then, even after EAP-TLS authorization, the according check attributes (e.g. Login-Time) are compared and the reply attributes (e.g. Session-Timeout) are added into the reply item list.
It will also mean that you hit files a lot more than before, which will have a performance impact (the scale of which depends on the number of auths, of course).
If my observation is right then files is hit for every authorization and modifying the sequence will therefore not change the impact on files. Cheers, Klaus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
