Preventing outer EAP id from going through auth

A.L.M.Buxey at A.L.M.Buxey at
Tue May 26 22:54:02 CEST 2009

> I have a fairly standard config, using EAP/TTLS and an LDAP back end.  Both EAP and non-EAP requests need to do LDAP lookups.  
> It's working well (I did very little customizing), except I see a lot of the anonymous outer id's getting sent to the LDAP servers.  I moved EAP above LDAP in the config, and it seems to have eliminated those when EAP returns 'ok', but I'm still seeing some.  It looks like when EAP returns 'updated' it still runs anonymous through LDAP.
> I noticed the eap def has ok = return, should I add updated = return to avoid the anonymous LDAP lookups?

1.x or 2.x?  in 2.x you can configure EAP to use the inner-tunnel
virtual server and then it'll stop hitting the outer authentication LDAP


More information about the Freeradius-Users mailing list