how to limit the repeating ldap lookups

Martin Kraus lists_mk at wujiman.net
Wed Aug 28 10:28:41 CEST 2013


On Wed, Aug 28, 2013 at 10:10:32AM +0400, Iliya Peregoudov wrote:
> On 28.08.2013 9:48, Olivier Beytrison wrote:
> >On 28.08.2013 00:20, Martin Kraus wrote:
> >>Hi. I'm using groups to authorize users and pull radius profiles for the users.
> >>My config is similar to what the default freeradius configuration offers.
> 
> Why not just call rlm_ldap from inner-tunnel post-auth section? This
> will ensure it called only once and only if inner-tunnel
> authentication succeeds.

I used to use mschapv2 for authentication so I had to lookup passwords in the
authorize section. I'm not sure what would happen if I moved the lookups to
post-auth so I'll need to setup some testing environment for it. 

mk


More information about the Freeradius-Users mailing list