ajay shekhar wrote: > Does setting Service-Type AVP to Authorize-Only in a RADIUS REQUEST make > FreeRADIUS do only the authorization part?
No. You still need to set 'Auth-Type := Accept' in order to return an Access-Accept. > I do not know much about of how freeRADIUS works, but I am looking to > get either of these scenarios working - > > Case 1: > authenticate a user (using EAP-SIM) with FreeRADIUS and then, > initiate authorization (separately using Service-Type AVP set to > Authorize-Only) for the same user with FreeRADIUS That will work, as described above. > Case 2: > Configure FreeRadius to Authenticate & Authorize the user in one go; in > which case the output of radiusd -X clearly indicates that both Auth & > Autz are done. > If case 2 happens, how do I distinguish it from an Authentication-Only > scenario? Because the Access-Request contains an EAP-Message. In the first case (Authorize-Only), it will *not* contain an EAP-Message. As with most things RADIUS, there's no magic. Just look at the packets. They're clearly different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
