how to limit the repeating ldap lookups

Phil Mayers p.mayers at imperial.ac.uk
Wed Aug 28 16:38:15 CEST 2013


On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>
> On 28 Aug 2013, at 15:01, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>
>>> Does anyone have a configuration which gets it down to a single LDAP query for PEAP?
>>
>> What inner?
>
> MSHCAPv2 - I thought PEAPv0 was only MSCHAPv2?

Apparently not; you can apparently run EAP-TLS inside PEAP, which is a 
new one on me.

For PEAP/MSCHAP, under 2.x the link someone posted to my horrible hack 
works. Or under 3.x, "eap { ok = return }" in the inner-tunnel also works.


More information about the Freeradius-Users mailing list