Cisco WLC PEAP/MSCHAPv2 - unnecessary ldap lookups?

Alan Buxey A.L.M.Buxey at
Thu Sep 17 21:40:32 CEST 2009


do you want to authorise using the e-directory (authorize is
are they allowed from that NAS at that time etc....)...
surely you only want to authenticate based on the inner EAP details

if you use 2.1.x then you can ensure that EAP methods get thrown
to the inner-tunnel - and have your LDAP authentication in the inner
tunnel - then LDAP is only called when it's needed... likewise authorise.

only call LDAP when you really believe the details and need to

likewise, only call a module if you need to - you should be able to
vastly reduce calls to your backend infrastructure (I know we did!)
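
A configuration sketch of the layout described in the message above, added here as an illustration and not taken from the original post or from the poster's own server. It assumes the stock FreeRADIUS 2.1.x file layout and an already configured `ldap` module instance; the `peap` settings shown are the usual defaults.

```text
# raddb/sites-available/default  (outer server: sees every PEAP round trip)
authorize {
    preprocess
    suffix
    # eap returns "ok" while PEAP is being set up or tunnelled, so stop
    # here and skip every module listed after it for those packets.
    eap {
        ok = return
    }
    # No ldap entry here: the outer identity is not yet trusted.
}

authenticate {
    eap
}

# raddb/eap.conf, inside eap { ... }: hand the tunnelled request
# to the inner virtual server.
peap {
    default_eap_type = mschapv2
    virtual_server = "inner-tunnel"
}

# raddb/sites-available/inner-tunnel  (runs only on decrypted inner requests)
server inner-tunnel {
    authorize {
        mschap
        eap {
            ok = return
        }
        # Assumed: an "ldap" module instance that returns the user's
        # NT-Password or Cleartext-Password, which MS-CHAPv2 needs.
        ldap
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }
}
```

Running the server with `radiusd -X` during a test login shows which modules fire per packet; with this layout the ldap lines should appear only under the inner-tunnel server.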

