Question about outer identity

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Jul 30 13:32:14 CEST 2009


Hi,

> I have 2.1.6 and things basically work. But I just came across a
> question about the processing of outer/inner identity:
>
> As I understand it, in case of a non-EAP RADIUS request (e.g. from my old
> modem servers), there is no tunnel and hence no inner identity.
> ==> Autz and Auth are done by the default virtual server and governed by
> the settings in radiusd.conf and sites-available/default -- right?
>
> In case of an EAP request (we do EAP-TTLS and PEAP-MSCHAPv2), the outer  
> identity is simply used as a dummy during Tunnel setup
> (Our EAP Clients use anonymous at uni-marburg.de as outer identity).
> Nonetheless, freeradius does an LDAP request during Authorization
> which, of course, fails with 'notfound'. freeradius then happily
> proceeds to do the real authentication with inner-tunnel.
> Now I wonder how to avoid that extra LDAP query.
>
> Here's my config (ldap123 refers to a virtual module doing
> redundant-load-balance with 3 LDAP servers):

something in your users file is matching and enforcing LDAP ;-)

alan


