Configuring LDAP lookups for EAP and inner-tunnel
Alan DeKok
aland at deployingradius.com
Thu Sep 23 20:33:17 CEST 2010
Jeffrey Collyer wrote:
> setup information that I failed to explain properly the first time:
> freeradius 2.1.7 is used to
> authenticate wireless users with eap-tls
Well... that would have been nice to say.
> I started with a default configuration and added ldap to it in the
> sites-enabled/default file's authorize section. And it worked
> authenticating the client, but with many (about a dozen) ldap lookups.
Because there are about a dozen EAP packet exchanges.
> Then I realized that the 'tls' section of the modules/eap.conf file
> doesn't have a virtual_server directive, but even after putting that in
> the 'tls' section, it still doesn't run an ldap query when I try to
> authenticate.
Because the "virtual_server" directive doesn't belong in the "tls"
section.
> So my assumption is that the eap module doesn't use the inner tunnel for
> tls.
Yes.
The solution is to move the LDAP checks to the "post-auth" stage.
Alan DeKok.
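As an added illustration (not part of the thread), this is what moving the LDAP check out of "authorize" and into "post-auth" looks like in sites-enabled/default for FreeRADIUS 2.x. It assumes the ldap module in modules/ldap is already configured for the directory, and that the `ldap.authorize` method-call syntax is available in 2.1.7; the `if (notfound) { reject }` check is the example's own choice.

```unlang
# sites-enabled/default (FreeRADIUS 2.x unlang). Added example, not from
# the original message. The LDAP lookup is removed from "authorize", where
# it ran on every one of the ~dozen EAP-TLS round trips, and done once in
# "post-auth", which only runs after the TLS handshake has succeeded.

authorize {
    preprocess

    # eap handles the whole TLS exchange. "ok = return" stops processing
    # the rest of authorize for the intermediate EAP packets, so no other
    # module (and no directory) is consulted until authentication is done.
    eap {
        ok = return
    }
}

authenticate {
    eap
}

post-auth {
    # One LDAP lookup for the now-authenticated client certificate holder.
    # "ldap.authorize" calls the module's authorize method from here
    # (assumption for 2.1.7; the module itself is configured in modules/ldap).
    ldap.authorize

    # Example policy: a certificate that validated but whose user has no
    # directory entry is rejected. Returning "reject" from post-auth turns
    # the Access-Accept into an Access-Reject.
    if (notfound) {
        reject
    }

    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
```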