Cisco WLC PEAP/MSCHAPv2 - unnecessary ldap lookups?
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sat Sep 19 19:02:57 CEST 2009
Hi,
> Making those changes helped alot and reduced the LDAP calls to 3 - Thanks!! I would like to drop this further, as it seems that 2 of them are from the authorize section. I can't seem to remove it from the authorize section, though, as doing so pisses off mschap (can't find NT-password) and removing mschap pisses off FR (no auth-type defined). Also, I use a LDAP huntgroup, where users in an LDAP group are allowed to attached to a special SSID, which i think is part of the authorization process....
in this case you need to use LDAP in the authorise section - no two ways about it.
however, thiat then becomes a backend issue - so you need to find out why
it takes so long to do a query at that point
alan
More information about the Freeradius-Users
mailing list