how to limit the repeating ldap lookups

Phil Mayers p.mayers at
Wed Aug 28 17:25:04 CEST 2013

On 28/08/13 16:00, Martin Kraus wrote:

> I found that if I nest ifs then default = return won't skip the authorize
> section and putting the tests on multiple lines doesn't work so it is this
> ugly:-)

Yeah, that's an annoyance of the configurable failover stuff.

> However this really isn't foolproof. I think the identifier is first set by
> NAS as it sends eap request for identity so if that starts at something weird
> then this will be totaly off. I don't know if any rfc requires the identifier
> to start at 0.

It doesn't, and you will see cases where this doesn't happen, so I'm 
afraid it's not totally robust.

If you were to upgrade, you could do this all a lot more cleanly; the 
TLS virtual server solves the problem.

More information about the Freeradius-Users mailing list