All that stuff is on by default to ensure that people who want more than a really dumb and minimal server can get up and running without having to try to find what combination of stuff needs to be enabled.
So, eg proxying is enabled ..whats the issue? Unless you have actually edited proxy.conf to do something it won't do anything , there's no entry in clients.conf other than localhost too, so even if you had the required ports open to the world, nothing is going to happen. If all you want is EAP-TLS auth then its very easy to minimise to that config....much much easier than having to learn the server better and trying to get there from a minimal config that doesn't work out if the box (ask those who have tried doing it that way...look at mailing list history for those that stripped the config out before then trying to get things to work) This isn't Apache, which does have a whole load of things on and can get you p0wned on port 80 if you have that open to the world alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
