On 28/08/13 16:00, Martin Kraus wrote:
I found that if I nest ifs then default = return won't skip the authorize section and putting the tests on multiple lines doesn't work so it is this ugly:-)
Yeah, that's an annoyance of the configurable failover stuff.
However this really isn't foolproof. I think the identifier is first set by NAS as it sends eap request for identity so if that starts at something weird then this will be totaly off. I don't know if any rfc requires the identifier to start at 0.
It doesn't, and you will see cases where this doesn't happen, so I'm afraid it's not totally robust.
If you were to upgrade, you could do this all a lot more cleanly; the TLS virtual server solves the problem.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
