how to limit the repeating ldap lookups
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Aug 28 16:46:53 CEST 2013
On 28 Aug 2013, at 15:38, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>>
>> On 28 Aug 2013, at 15:01, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>>
>>>> Does anyone have a configuration which gets it down to a single LDAP query for PEAP?
>>>
>>> What inner?
>>
>> MSHCAPv2 - I thought PEAPv0 was only MSCHAPv2?
>
> Apparently not; you can apparently run EAP-TLS inside PEAP, which is a new one on me.
>
> For PEAP/MSCHAP, under 2.x the link someone posted to my horrible hack works. Or under 3.x, "eap { ok = return }" in the inner-tunnel also works.
OK. Just wondering if you could really get it down to a single lookup, IIRC you needed the 'known good' NT-Password data for a couple of rounds of MSCHAPv2?
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list