how to limit the repeating ldap lookups

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Aug 28 16:46:53 CEST 2013


On 28 Aug 2013, at 15:38, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>> 
>> On 28 Aug 2013, at 15:01, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> 
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>> 
>>>> Does anyone have a configuration which gets it down to a single LDAP query for PEAP?
>>> 
>>> What inner?
>> 
>> MSCHAPv2 - I thought PEAPv0 was only MSCHAPv2?
> 
> Apparently not; you can apparently run EAP-TLS inside PEAP, which is a new one on me.
> 
> For PEAP/MSCHAP, under 2.x the link someone posted to my horrible hack works. Or under 3.x, "eap { ok = return }" in the inner-tunnel also works.

OK. Just wondering if you could really get it down to a single lookup, IIRC you needed the 'known good' NT-Password data for a couple of rounds of MSCHAPv2?

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
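
The 3.x setting quoted above (`eap { ok = return }` in the inner-tunnel), laid out as an added configuration example that is not part of the original thread. It assumes the LDAP module instance is named `ldap`, and it omits every other module of a stock inner-tunnel for brevity.

```conf
# sites-available/inner-tunnel (FreeRADIUS 3.x), authorize section only.
# Constructed sketch: "ldap" is an assumed instance name for rlm_ldap.

# Before: ldap is listed ahead of eap with no early return, so the
# directory is queried for every inner Access-Request of the
# PEAP/MSCHAPv2 conversation.
#
# authorize {
#     ldap
#     eap
# }

# After: eap is listed first. On any round where it returns "ok",
# processing of the authorize section stops ("return"), and the modules
# listed after it, including ldap, are not called for that packet.
authorize {
    eap {
        ok = return
    }

    # Only reached on rounds where eap did not return "ok".
    ldap
}
```

Running the server in debug mode (`radiusd -X`) shows, for each inner request, whether `ldap` was called or the section returned early.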


