LDAP authorize for both EAP-TLS and EAP-PEAP
David Hartburn
D.J.Hartburn at kent.ac.uk
Thu Dec 17 16:11:42 CET 2015
Can anyone advise on the best method for performing an LDAP authorize if
I'm using both EAP-TLS and EAP-PEAP?
In my site config, I do:
eap {
    ok = return
}
-ldap
This works great for PEAP, as the eap module returns an ok, then the
LDAP lookup is performed in the inner tunnel, once only.
However, when a certificate-based client associates with EAP-PEAP, the
eap module returns 'updated' and the ldap check is performed for each
packet. I have updated the ldap line to be:
ldap {
    notfound = reject
}
For a successful authentication, it performs the ldap search a number of
times. Is there any way I can only do this once?
Dave Hartburn