"Ron Wahler" <[EMAIL PROTECTED]> wrote: > It looks like the inner tunnel calls > > rp_default_postauth (rlm_exec) for request 30
For the tunneled version of the request. > then it is called again > calling rp_default_postauth (rlm_exec) for request 30 For the outer version of the request. > when the Access-Accept is sent back to the AP. > > Is that expected behavior? Yes. The tunneled authentication request looks *exactly* like a normal authentication request to everything in the server. Only the TTLS/PEAP modules know it's a tunneled request. If you don't want the post-auth section called for the outer user, then you can configure the server to only call it for the tunneled request, OR to not call it for the anonymous user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
