Cache user access on eap-ttls with ldap as authenticate system

Alan DeKok aland at deployingradius.com
Thu Jan 14 18:36:07 CET 2021


On Jan 14, 2021, at 12:00 PM, André <netriver at gmail.com> wrote:
> 
> This only caches ldap attributes, it's not able to store results
> Access-Accept for example from a existing ldap confirmed authentication?

  No.

> Would it be possible to store the result "Access-Accept" for a user +
> password combination for future approval?

  No.

  That's not how EAP works.  You *cannot* just cache EAP packets and expect it to work.

  Your options are:

a) cache the Cleartext-Password (or whatever) returned from LDAP

b) set up session resumption caching.  See the "cache" subsection of mods-available/eap

c) both of the above

  Alan DeKok.




More information about the Freeradius-Users mailing list