StrongSwan IKEv2 - eap-radius - Auth Failing

Matthew Newton mcn at
Wed Sep 15 23:16:37 CEST 2021

On 15/09/2021 22:00, Chris Myburgh wrote:
> Success!  Thanks a lot Matthew - really appreciate your help and the
> quick response.

OK great

> Now I need to proceed with assigning the IP's from radius!
> Here is the log just in case you wanted to see it.

You should be able to make it more efficient - at the moment it's now 
calling SQL for every round trip.

Cache the password in the session-state list and you won't need to get 
it after the first request, which will be 6 less hits on the database.

Probably something like this, instead of just "sql" directly:

if (&session-state:Cleartext-Password) {
   # use p/w we cached before
   update control {
     &Cleartext-Password = &session-state:Cleartext-Password
else {
   # hit database

   # if result, cache it
   if (&control:Cleartext-Password) {
     update session-state {
       &Cleartext-Password := &control:Cleartext-Password


More information about the Freeradius-Users mailing list