Preventing outer EAP id from going through auth

John Doppke John.Doppke at TRW.COM
Tue May 26 22:30:53 CEST 2009


I have a fairly standard config, using EAP/TTLS and an LDAP back end.  Both EAP and non-EAP requests need to do LDAP lookups.  

It's working well (I did very little customizing), except I see a lot of the anonymous outer id's getting sent to the LDAP servers.  I moved EAP above LDAP in the config, and it seems to have eliminated those when EAP returns 'ok', but I'm still seeing some.  It looks like when EAP returns 'updated' it still runs anonymous through LDAP.

I noticed the eap def has ok = return, should I add updated = return to avoid the anonymous LDAP lookups?


-John






More information about the Freeradius-Users mailing list