On 27 Feb 2015, at 14:54, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
Don't list LDAP in the outer server, you only need passwords in the inner server.
I have removed LDAP from the outer server. Thank you.
and no more calls to cache, so i'm not sure what you were expecting to happen.
For the PEAP request the cache will have been cleared as the server has been restarted. If you want a persistent cache, you need to use the memcached driver and run a memcached server. That won't persist across memcached >restarts though.
For that there'd need to be a new file system based cache driver.
I understand that the cache will not persist across restarts of the radius server. The problem that we are having is that NT-Password and LM-Password are not available for caching when EAP-PEAP is used. What I am showing in the logs is the first time a user connects and what is being cached.
The cache module is being called in a different round to the call to mschap.auth which produced the hashes. Move your second cache call (the one to store the hashes) to : Auth-Type MS-CHAP { mschap cache.authorize } Can't remember if ok = return in authenticate. If you find cache.authorize isn't being called Auth-Type MS-CHAP { mschap { ok = 1 } cache.authorize } That'll ensure the hashes are stored immediately after being produced. Again, the cleaner way of doing this is with session-resumption. That way you avoid the many rounds of EAP required to do PEAP or TTLS. Ensure you've enabled it in the supplicant, on the server, and post the debug output, we might be able to suggest what's wrong. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2