Configuring LDAP lookups for EAP and inner-tunnel
Alan DeKok
aland at deployingradius.com
Fri Sep 17 17:09:30 CEST 2010
Jeffrey Collyer wrote:
> So I moved my ldap lookup configuration from the authorize section of
> the sites-enabled/default file into the inner-tunnel file. But I still
> see the same number of ldap queries per eap session.
Then it's still doing LDAP lookups in the "default" virtual server.
Or, you have LDAP-Group checks in the "default" virtual server.
> Next I tried to enable the cache section in the eap.conf for tls, but I
> have not seen that make any difference in the ldap calls. And from the
> comments I assume that just for session resumption, not initial
> authentication.
Yes.
> Could someone give me a pointer/hint as to how to configure eap/ldap to
> cut down on the number of ldap queries. Any help greatly appreciated.
The default configuration does *not* do LDAP lookups. So... use the
default config, and then enable LDAP lookups in the "inner-tunnel".
Alan DeKok.
More information about the Freeradius-Users
mailing list