Arran Cudbard-Bell wrote:

> Whats happening if the first round of authentication will go to 
> Second will go to, but the second doesn't know 
> about the previous request and bails out with.

  Round robin && EAP don't work together very well.

> So firstly is EAP proxying actually possible ?

  Yes.  Many people are using it.  Round-robin, on the other hand, isn't
currently possible.  It would require additional code in the server.

  It's not hard, but it hasn't been done yet.

> Secondly is there something really stupid i've missed ?


> There are two ways I can see this working, either the proxy server 
> directs all the authentication rounds for one session to one proxy 
> server. Or the eap module on either backend instance figures out what 
> the previous part of the conversation was.

  If it's proxying, the EAP module isn't being used.

> Also I noticed this entry in eap.conf
>                  #  A list is maintained to correlate EAP-Response
>                  #  packets with EAP-Request packets.  After a
>                  #  configurable length of time, entries in the list
>                  #  expire, and are deleted.
>                  #
>                  timer_expire     = 60
> Anyone know where this list actually exists ?
> If it's just in memory or an actual file ?

  It's in the EAP module.  And it's only used when the server is doing
the EAP authentication.

  Alan DeKok.
--       - The web site of the book - The blog
List info/subscribe/unsubscribe? See

Reply via email to