Thomas Hruska wrote: > Nowhere in there does it explain why proxying is on by default. It just > says that it can be turned off. I want to know why it is on by default > in the first place. From what I'm beginning to understand, based on > your reply, FreeRADIUS opens a port that isn't necessary for basic > functionality as part of its default installation. That sort of > behavior should at least raise an eyebrow if not a few red flags.
You're unhappy that your questions got push-back. So you're pushing back in return. However... you know little or nothing about RADIUS, and I've been doing this for 20 years. I won't explain why there are no "red flags" in the default configuration. I *will* explain that it's unproductive for newbies to second-guess experts. > The default client secrets(s) should be different from the default proxy > secret(s) to avoid confusion for first-time users. So as a first-time user, you know more about their needs than someone who's done this for 20 years? > I missed that it is there for testing. And I see why: Don't quote the config files at me. I wrote them. This just comes across as condescending, and lecturing me about the text I wrote. > Again, defaults exist for a reason. The reasons for the defaults are > what I'm actually after here. The reasons are given in the documentation, web pages, "man" pages, config files, etc. The defaults enable the server to do the Right Thing in the widest possible set of circumstances. i.e. so that newbies like you can get the server running with minimal work. Your response is to insult the developers, by claiming that the defaults "raise red flags". Stop it. It's ignorant and annoying. > All I was asking here was if commenting out those protocols in > 'eap.conf' was all I have to do to disable them? A simple confirmation > would suffice. I answered that. >> You're looking for reassurance that editing the config files won't >> cause the server to explode in flaming metal. It won't. Edit them. > > I admit that there is a little of that, but I'm just trying to save > myself from breaking things too badly by understanding why the defaults > are the defaults before I go and blow away large portions of config. The defaults are documented. See the comments in the config files. The procedure for editing the defaults is documented. See "man radiusd". It's really not rocket science. You're looking for emotional reassurance that the server won't explode. I'm not going to give it. Instead, you should follow the documentation, and follow the documented methods for editing the configuration. If something goes wrong, it's just text. Put the old config back, and start again. And after doing this for 20 years, your message is typical of a particular class of newbie. The existing documentation is too complicated. Yet you don't ask a specific question. Instead, you have a long complicated post complaining about many things, and asking many questions. When I point this out, you start putting me down. I've had hundreds of conversations like this, and it's always annoying. Your entire approach is wrong. Read "man radiusd". That documents the correct approach. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html