Cache user access on eap-ttls with ldap as authenticate system

Alan DeKok aland at
Thu Jan 14 16:33:03 CET 2021

> On Jan 14, 2021, at 10:17 AM, André <netriver at> wrote:
> In sites-enabled/default in authorize I did the following:

  If you read the debug output, you'll see that it's checking the password in the "inner-tunnel" virtual server.

  Put the caching there.

> However this makes the server still use the ldap connection in
> authentication.
> rlm_ldap (ldap): Connecting to ldap://
> rlm_ldap (ldap): Could not start TLS: Can't contact LDAP server
> rlm_ldap (ldap): Opening connection failed (11)
> (23)       [ldap] = fail

  Yes.  Read ALL of the debug output.  Especially the bits where it checks the passwords.  Which is in the "inner-tunnel" virtual server.

  Alan DeKok.

More information about the Freeradius-Users mailing list