From: Brian Candler <b.candler@pobox.com>
Date: Tue, 25 Oct 2016 17:19:10 +0000 (+0100)
Subject: Add commented-out example to eap section to handle "updated" response
X-Git-Tag: release_3_0_13~131^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1806%2Fhead;p=thirdparty%2Ffreeradius-server.git

Add commented-out example to eap section to handle "updated" response

This occurs part-way through a PEAP tunneled exchange, and can cause
additional database lookups.
---

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 083407596aa..72a60114e70 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -347,17 +347,22 @@ authorize {
 	#  It also sets the EAP-Type attribute in the request
 	#  attribute list to the EAP type from the packet.
 	#
-	#  The EAP module returns "ok" if it is not yet ready to
-	#  authenticate the user.  The configuration below checks for
-	#  that code, and stops processing the "authorize" section if
-	#  so.
+	#  The EAP module returns "ok" or "updated" if it is not yet ready
+	#  to authenticate the user.  The configuration below checks for
+	#  "ok", and stops processing the "authorize" section if so.
 	#
 	#  Any LDAP and/or SQL servers will not be queried for the
 	#  initial set of packets that go back and forth to set up
 	#  TTLS or PEAP.
 	#
+	#  The "updated" check is commented out for compatibility with
+	#  previous versions of this configuration, but you may wish to
+	#  uncomment it as well; this will further reduce the number of
+	#  LDAP and/or SQL queries for TTLS or PEAP.
+	#
 	eap {
 		ok = return
+#		updated = return
 	}
 
 	#