Hi,
I have 2.1.6 and things basically work. But I just came across a question about the processing of outer/inner identity:
As I understand it, in case of a non-EAP RADIUS request (eg from my old modem servers), there is no tunnel and hence no inner identity. ==> Autz and Auth are done by the default virtual server and governed by the settings in radiusd.conf and sites-available/default -- right?
In case of an EAP request (we do EAP-TTLS and PEAP-MSCHAPv2), the outer identity is simply used as a dummy during Tunnel setup (Our EAP Clients use anonymous@uni-marburg.de as outer identity). Nonetheless, freeradius does an LDAP request during Authorization which, of course, fails with 'notfound'. freeradius then happily proceeds to do the real authentication with inner-tunnel. Now I wonder how to avoid that extra LDAP query.
Here's my config (ldap123 refers to a virtual module doing redundant-load-balance with 3 LDAP servers):
somthing in your users file is matching and enforcing LDAP ;-) alan