Referencing LDAP attributes in post-auth
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Dec 19 17:39:17 CET 2011
Hi,
> copy_request_to_tunnel = yes
>
> As mentioned earlier, I am assigning a standard RADIUS attribute, but the
> value I'm passing to it is not there when I call it, which is in the
> post_auth of the outer virtual server.. I figured it made sense to put it
> there, since I call the LDAP module in the authroize section of the outer
> virtual server. Should this be done in the inner-tunnel? I guess I'll
> give that a try too...
why call LDAP in the outerid for EAP- surely call it in the inner-tunnel instead
(and put some protection around it so that its only called when needed - right
now, if you look, you'll see your LDAP whacked all over the place during requests
coming through - at least 3x more queries to the LDAP than you need.)
alan
More information about the Freeradius-Users
mailing list