17 Dec
2015
17 Dec
'15
10:11 a.m.
Can anyone advise on the best method for performing an LDAP authorize if I'm using both EAP-TLS and EAP-PEAP? In my site config, I do: eap { ok = return } -ldap This works great for PEAP, as the eap module returns and ok, then the LDAP lookup is performed in the inner tunnel, once only. However when a certificate based client associates with EAP-PEAP, the eap module returns 'updated' and the ldap check is performed for each packet. I have updated the ldap line to be: ldap { notfound = reject } For a successful authentication, it performs the ldap search a number of times. Is there any way I can only do this once? Dave Hartburn