Cache user access on eap-ttls with ldap as authenticate system

Alan DeKok aland at
Thu Jan 14 18:36:07 CET 2021

On Jan 14, 2021, at 12:00 PM, André <netriver at> wrote:
> This only caches ldap attributes, it's not able to store results
> Access-Accept for example from a existing ldap confirmed authentication?


> Would it be possible to store the result "Access-Accept" for a user +
> password combination for future approval?


  That's not how EAP works.  You *cannot* just cache EAP packets and expect it to work.

  Your options are:

a) cache the Cleartext-Password (or whatever) returned from LDAP

b) set up session resumption caching.  See the "cache" subsection of mods-available/eap

c) both of the above

  Alan DeKok.

More information about the Freeradius-Users mailing list