Hi,

> The EAP-Message doesn't appear to be encrypted on the initial packet
> from the ap to the server. Inside i see Type and Identity (containing my
> username. The username is also in the User-Name attribute)

that'll be your outer identity... which, as it is plain to see (pun definitely intended folks), is why many people use some anonymous identity for protection..why give away some of your credentials? - eg [EMAIL PROTECTED]

> But (imho) all the write-ups don't really explain what's going on.
> Myself, i don't understand what the authorize section and authenticate
> sections are supposed to do. Could somebody talk to the radius server
> directly without encryption using my settings? Can i specify what kinds
> of authentication i'll accept from users compared to the types of
> backend authentication i can do? I just find it hard to get my head
> around it...

authenticate = yes, you are who you are
authorize = should you be using this? do we perhaps change the service you get (eg VLAN)

if you've allowed people to talk to the RADIUS server, then they can...this is why you have eg the clients.conf (or clients SQL) to define *WHAT* NAS can talk to RADIUS server and what secret key they must have to talk to it.

you can define whatever type of authentication that FR supports...depending on the eg username...

alan
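
As an added illustration of the outer-identity point in this thread (not part of the original message, and not FreeRADIUS code): the sketch below builds a sample Access-Request and extracts what anyone on the AP-to-server path can read from it. The packet, the `example.org` names and the all-zero authenticator are constructed, and the sample omits Message-Authenticator for brevity.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79          # RADIUS attribute types (RFC 2865 / RFC 3579)
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1  # EAP code and method type (RFC 3748)

def radius_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user_name, eap_identity):
    """Construct a sample Access-Request carrying an EAP-Response/Identity."""
    ident = eap_identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(ident), EAP_TYPE_IDENTITY) + ident
    attrs = radius_attr(USER_NAME, user_name.encode()) + radius_attr(EAP_MESSAGE, eap)
    authenticator = bytes(16)  # constructed placeholder, not a real Request Authenticator
    return struct.pack("!BBH", 1, 0, 20 + len(attrs)) + authenticator + attrs

def visible_identities(packet):
    """Return the identities readable in cleartext from an Access-Request."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    seen = {"user_name": None, "eap_identity": None}
    eap, pos = b"", 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + a_len]
        if a_type == USER_NAME:
            seen["user_name"] = value.decode(errors="replace")
        elif a_type == EAP_MESSAGE:
            eap += value  # a long EAP packet is split across several attributes
        pos += a_len
    if len(eap) >= 5 and eap[0] == EAP_RESPONSE and eap[4] == EAP_TYPE_IDENTITY:
        eap_len = struct.unpack("!H", eap[2:4])[0]
        seen["eap_identity"] = eap[5:eap_len].decode(errors="replace")
    return seen

if __name__ == "__main__":
    # Real outer identity versus an anonymous one: both are readable on the wire.
    for name in ("alice@example.org", "anonymous@example.org"):
        print(visible_identities(build_access_request(name, name)))
```

With an anonymous outer identity the observer learns only the realm used for routing; the real username travels inside the tunnelled inner method.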