Cache user access on eap-ttls with ldap as authenticate system
Alan DeKok
aland at deployingradius.com
Thu Jan 14 18:36:07 CET 2021
On Jan 14, 2021, at 12:00 PM, André <netriver at gmail.com> wrote:
>
> This only caches ldap attributes, it's not able to store results
> Access-Accept for example from a existing ldap confirmed authentication?
No.
> Would it be possible to store the result "Access-Accept" for a user +
> password combination for future approval?
No.
That's not how EAP works. You *cannot* just cache EAP packets and expect it to work.
Your options are:
a) cache the Cleartext-Password (or whatever) returned from LDAP
b) set up session resumption caching. See the "cache" subsection of mods-available/eap
c) both of the above
Alan DeKok.
More information about the Freeradius-Users
mailing list