Configuring LDAP lookups for EAP and inner-tunnel

Alan DeKok aland at
Fri Sep 17 17:09:30 CEST 2010

Jeffrey Collyer wrote:
> So I moved my ldap lookup configuration from the authorize section of
> the  sites-enabled/default file into the inner-tunnel file.  But I still
> see the same number of ldap queries per eap session.

  Then it's still doing LDAP lookups in the "default" virtual server.
Or, you have LDAP-Group checks in the "default" virtual server.

> Next I tried to enable the cache section in the eap.conf for tls, but I
> have not seen that make any difference in the ldap calls.  And from the
> comments I assume that just for session resumption, not initial
> authentication.


> Could someone give me a pointer/hint as to how to configure eap/ldap to
> cut down on the number of ldap queries.  Any help greatly appreciated.

  The default configuration does *not* do LDAP lookups.  So... use the
default config, and then enable LDAP lookups in the "inner-tunnel".

  Alan DeKok.

More information about the Freeradius-Users mailing list