Arran Cudbard-Bell wrote:
> But it appears the eap module releases the tunneled reply into the
> current reply list,
> then everything skips to post-auth.
Hmm... yes. The intent of the "authenticate" section was to run *one*
module, not to do more than that. The comments in
raddb/sites-enabled/default explain that "unlang" rules *should* be run
in the post-auth section, not the authenticate section.
> #
> # Allow EAP authentication.
> Auth-Type EAP {
> eap
I suppost that the rule of "call one thing" in the authenticate
section could be extended to allow unlang inside of an Auth-Type section.
> Is this intentional ?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
