Configuring LDAP lookups for EAP and inner-tunnel
Jeffrey Collyer
jwc3f at virginia.edu
Fri Sep 17 15:51:18 CEST 2010

Using freeradius 2.1.7 to authenticate wireless users via eap, checking
against an ldap server. It's working fine, but I'm seeing an ldap lookup
for each part of the eap conversation. This leads to something like 13
LDAP lookups for each valid eap authentication sequence.

I did check the archives and found one thread about this same topic from
a user of freeradius 1.x, and the comments there were that it would be
much better in 2.x via the inner-tunnel stuff.

And I see in the eap_modules_changes page on the wiki that Autz caching
should resolve this for me.

So I moved my ldap lookup configuration from the authorize section of
the sites-enabled/default file into the inner-tunnel file. But I still
see the same number of ldap queries per eap session.

Next I tried to enable the cache section in the eap.conf for tls, but I
have not seen that make any difference in the ldap calls. And from the
comments I assume that's just for session resumption, not initial
authentication.

Could someone give me a pointer/hint as to how to configure eap/ldap to
cut down on the number of ldap queries? Any help greatly appreciated.

Jeff