Cache user access on eap-ttls with ldap as authenticate system
André
netriver at gmail.com
Thu Jan 14 16:17:50 CET 2021
Hello,
Sorry.
To be more explicit:
In sites-enabled/default in authorize I did the following:
update control {
Cache-Status-Only = 'yes'
}
cache
if (notfound) {
ldap
}
if (User-Password) { # <- when using cache this it's here with True
update control {
Auth-Type := ldap
}
}
cache
}
However this makes the server still use the ldap connection in
authentication.
rlm_ldap (ldap): Connecting to ldap://jumia.ldap.idp.com:389
rlm_ldap (ldap): Could not start TLS: Can't contact LDAP server
rlm_ldap (ldap): Opening connection failed (11)
(23) [ldap] = fail
Why I did it?
Following the example from the link below:
https://wiki.freeradius.org/modules/Rlm_cache
I did try to use this code in authenticate but the server does not accept
it.
Also I have eap cache enabled , but that is not being hit as I do have
nothing extra to cache other that the user data.
Above you can still see it's trying to connect to the ldap server because
this still hits authentication.
Does this clarification help?
Best regards,
On Thu, Jan 14, 2021 at 2:53 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Jan 14, 2021, at 9:20 AM, André <netriver at gmail.com> wrote:
> >
> > Yes... But it seems it's not working correctly as I configured it.
>
> What did you configure?
>
> > In the configuration above you can see it's still querying the ldap
> server.
>
> No.
>
> > Can you have a look at the config and provide some suggestions?
>
> No.
>
> It is not appropriate to just dump a configuration file on the list and
> ask us to fix it. See http://wiki.freeradius.org/list-help for more
> details.
>
> You need to describe WHAT you did, WHY you did it, and WHAT you expected
> to see.
>
> Right now, all you're saying is "I did stuff, it doesn't work, you guys
> figure out why!"
>
> Just... no.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list