What would the syntax look like to prevent the outer tunnel from Calling post-auth ? they both have the same realm.
How about just preventing an anonymous user ? > -----Original Message----- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: Friday, October 24, 2003 2:54 PM > To: [EMAIL PROTECTED] > Subject: Re: TTLS outer/inner access-accept > > "Ron Wahler" <[EMAIL PROTECTED]> wrote: > > It looks like the inner tunnel calls > > > > rp_default_postauth (rlm_exec) for request 30 > > For the tunneled version of the request. > > > then it is called again > > calling rp_default_postauth (rlm_exec) for request 30 > > For the outer version of the request. > > > when the Access-Accept is sent back to the AP. > > > > Is that expected behavior? > > Yes. The tunneled authentication request looks *exactly* like a > normal authentication request to everything in the server. Only the > TTLS/PEAP modules know it's a tunneled request. > > If you don't want the post-auth section called for the outer user, > then you can configure the server to only call it for the tunneled > request, OR to not call it for the anonymous user. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
