On 5 Jun 2014, at 10:52, Enrique Sainz Baixauli <enriquesainz.beca@intef.educacion.es> wrote:
Is rlm_cache the answer to my problems? If so, should I just call it in authorize in inner-tunnel after ldap and then to retrieve in default server post-auth? Or when/how? And if not, any other solutions to this?
After a few trial-and-error runs, I've gotten it to work. For the record, this is my config:
mods-enabled/cache:
update {
}
If you upgrade to v3.0.x HEAD it can be made even simpler. mods-available/cache: update { control:LDAP-Group += &control:LDAP-Group <additional LDAP password attributes you need> } sites-enabled/inner-tunnel: authorize { [...] update control { Cache-Read-Only := yes } cache if (notfound) { ldap cache } [...] } That's actually significantly more efficient, as it guarantees there will only ever be one call out to LDAP for the entire EAP authentication. Well done for getting it working :) -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2