Because we move eap into a subpackage. --- a/raddb/all.mk +++ b/raddb/all.mk @@ -8,7 +8,7 @@ LOCAL_SITES := $(addprefix raddb/sites-enabled/,$(DEFAULT_SITES)) DEFAULT_MODULES := always attr_filter cache_eap chap date \ - detail detail.log digest dynamic_clients eap \ + detail detail.log digest dynamic_clients \ echo exec expiration expr files linelog logintime \ mschap ntlm_auth pap passwd preprocess radutmp realm \ replicate soh sradutmp unix unpack utf8 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -386,7 +386,7 @@ # uncomment it as well; this will further reduce the number of # LDAP and/or SQL queries for TTLS or PEAP. # - eap { + -eap { ok = return # updated = return } @@ -536,7 +536,7 @@ # # Allow EAP authentication. - eap + -eap # # The older configurations sent a number of attributes in @@ -858,7 +858,7 @@ # Insert EAP-Failure message if the request was # rejected by policy instead of because of an # authentication failure - eap + -eap # Remove reply message if the response contains an EAP-Message remove_reply_message_if_eap @@ -936,7 +936,7 @@ # hidden inside of the EAP packet, and the end server will # reject the EAP request. # - eap + -eap # # If the server tries to proxy a request and fails, then the --- a/raddb/sites-available/inner-tunnel +++ b/raddb/sites-available/inner-tunnel @@ -128,7 +128,7 @@ # for the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # - eap { + -eap { ok = return } @@ -244,7 +244,7 @@ # # Allow EAP authentication. - eap + -eap } ###################################################################### @@ -432,7 +432,7 @@ # hidden inside of the EAP packet, and the end server will # reject the EAP request. # - eap + -eap } } # inner-tunnel server block