"Gabriel L. Somlo" <[EMAIL PROTECTED]> wrote: > I'm trying to understand the semantics of the radiusd.conf file. > Specifically, when does a module (not) need to be mentioned in the > authorize and authenticate sections of the config file ?
It's listed if you want it to be used. > Removing the eap from 'authorize' prevents the server from > working correctly (works fine if you leave it in there). > Why does eap have to be mentioned in 'authorize', if I only > need it for authentication ? The idea is to have the server "just figure it out". By listing EAP in the authorize section, the module will look for EAP in the packet, and set Auth-Type = EAP when necessary. The same goes for the CHAP and MS-CHAP modules, too. If you don't list "eap" in the "authorize" section, you'll have to set Auth-Type = EAP by hand, which will often be wrong. It's *much* easier to list it, and let the server figure it out. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
