Yannick Koehler wrote:
While I do agree with you, working on the SQL aspect is not a possibility in this case. It also first appeared that invoking any external code only when its outcome will be meaningful is more appropriate and easier to do. And if Stefan suggestion works, it would then be true.
It will be easy and will help. It won't solve the problem. The long SQL queries may cause new problems in the future.
In any case, it does appear illogical to request 4-5 times the same query (independentely of their time taken to execute) to an SQL database and discard its result each time based on a username that is not yet validated (not the inner-tunnel username) and may not be the correct one.
You *can* edit the configuration files. That's why they're text. The default configuration is meant to work in as many situations as possible. This includes people who don't use EAP. And people who have functional SQL servers. We expect that you understand the configuration you're using. If the configuration is imperfect, then change it. I'll note that running the server in debugging mode would have shown you what was happening. The solution would then have been fairly obvious. There's a reason we always suggest debugging mode. It is impossible to create "howtos" for every RADIUS configuration. Instead, we give guidelines for how to configure the server, and we show you what the server is doing. The next step is to understand your configuration, and optimize it. Alan DeKok.