How to handle EAP/LDAP or files with same server

Alan DeKok aland at
Sat Nov 11 00:20:45 CET 2006

Keith Moores <kmm6b at> wrote:
> I have both of these working with one issuse, MACs that are not in  
> the users file are being sent to LDAP server adding unnecessary load.

  One solution is to recognize MAC's, and NOT look them up in LDAP.
Another is to recognize email addresses, and cause them to be looked
up in LDAP.

> The solution I can think of is to only send user name's that are  
> email addresses to ldap.  Is this something that can be done with a  
> proxy conf and realms?


  This should work:

#-- users file
DEFAULT User-Name =~ "@", EAP-Message =* 0x00, Autz-Type := email


#--- radiusd.conf
authorize {

         Autz-Type email {

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list