13 May
2008
13 May
'08
9:40 p.m.
Konstantin KABASSANOV wrote:
Using PEAP/mschapv2 with openldap through freeradius, I'd like to know if there is a way to allow all users in the authorize section of radiusd.conf (without doing ldap requests) and make the ldap request only in the authenticate section. It is useful for instance to avoid multiple ldap requests during authorization process in particular when a number of radius-request/challenges are exchanged between Access points and radius server.
In 2.0.4, you can run the LDAP module only for the inner tunneled request. See raddb/sites-enabled/inner-tunnel. Alan DeKok.