Howto ignore phase1 identity EAP-PEAP +mschapv2+openldap
Alan DeKok
aland at deployingradius.com
Fri Mar 26 15:41:45 CET 2010
Fred MAISON wrote:
> Hello freeradius-users,
> I search a way to ignore phase1 identity and avoid ldap access during
> phase1 for EAP-PEAP/mschapv2
See raddb/sites-enabled/inner-tunnel
> I have a basic setup which seems to work (eapol-test compiled from
> hostapd sources), but generate a lot of logs and ldap access during
> phase1.
Because you configured it to do that. Fix it so that the LDAP lookups
happen only in the inner tunnel.
> It also fails if outter identity is unknown in ldap (anonymous
> or other fancy id encoutered in customer's freeradius v1 production
> auth_logs ...)
Because you configured it to do LDAP lookups during tunnel setup. Why?
Alan DeKok.
More information about the Freeradius-Users
mailing list