Cisco WLC PEAP/MSCHAPv2 - unnecessary ldap lookups?

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Sat Sep 19 19:02:57 CEST 2009


Hi,

> Making those changes helped alot and reduced the LDAP calls to 3 - Thanks!! I would like to drop this further, as it seems that 2 of them are from the authorize section.  I can't seem to remove it from the authorize section, though, as doing so pisses off mschap (can't find NT-password) and removing mschap pisses off FR (no auth-type defined).  Also, I use a LDAP huntgroup, where users in an LDAP group are allowed to attached to a special SSID, which i think is part of the authorization process....

in this case you need to use LDAP in the authorise section - no two ways about it.

however, thiat then becomes a backend issue - so you need to find out why
it takes so long to do a query at that point

alan



More information about the Freeradius-Users mailing list