On 28 Aug 2013, at 15:38, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>>
>> On 28 Aug 2013, at 15:01, Phil Mayers <p.may...@imperial.ac.uk> wrote:
>>
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>>
>>>> Does anyone have a configuration which gets it down to a single LDAP query
>>>> for PEAP?
>>>
>>> What inner?
>>
>> MSCHAPv2 - I thought PEAPv0 was only MSCHAPv2?
>
> Apparently not; you can apparently run EAP-TLS inside PEAP, which is a new
> one on me.
>
> For PEAP/MSCHAP, under 2.x the link someone posted to my horrible hack works.
> Or under 3.x, "eap { ok = return }" in the inner-tunnel also works.

OK. Just wondering if you could really get it down to a single lookup, IIRC you needed the 'known good' NT-Password data for a couple of rounds of MSCHAPv2?

-Arran

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html