When I did the upgrade I had just copied-pasted my old configuration and it worked without issue, so I completely missed the inner-tunnel. Making those changes helped alot and reduced the LDAP calls to 3 - Thanks!! I would like to drop this further, as it seems that 2 of them are from the authorize section. I can't seem to remove it from the authorize section, though, as doing so pisses off mschap (can't find NT-password) and removing mschap pisses off FR (no auth-type defined). Also, I use a LDAP huntgroup, where users in an LDAP group are allowed to attached to a special SSID, which i think is part of the authorization process.... So here is my new configuration, perhaps someone can spot something i'm missing? (tried looking through documentation, can't seem to find my error). default file: authorize { preprocess auth_log mschap suffix ntdomain eap { ok = return } files { notfound = reject noop = reject fail = reject } expiration logintime } authenticate { eap } and inner-tunnel: authorize { unix suffix ntdomain update control { Proxy-To-Realm := LOCAL } eap { ok = return } files redundant-load-balance { LDAPsvr1 LDAPsvr2 } expiration logintime } authenticate { Auth-Type LDAP { redundant-load-balance { LDAPsvr1 LDAPsvr2 } } unix eap }
Hi,
I will need to do some more research on inner-tunnels, as i'm not too familiar with them. How would I add the ldap components? as >part of the peap module itself?
no - you simply configure the required part of the inner-tunnel virtual server - inner-tunnel virtual server gets called as part of the EAP config - and _only_ as part of EAP with default config - check the default raddb config
alan