Hi, I use freeradius with EAP-TTLS y EAP-PEAP, below there is ldap log, I wonder why radius "bothers" to query for anonymous uid and not only for uid into the tunnel
Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 fd=15 ACCEPT from IP=123.45.67.89:56075 (IP=0.0.0.0:636) Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 fd=15 TLS established tls_ssf=256 ssf=256 Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 BIND dn="cn=freeradius,ou=applications,dc=cadorna,dc=edu" method=128 Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 BIND dn="cn=freeradius,ou=applications,dc=cadorna,dc=edu" mech=SIMPLE ssf=0 Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 RESULT tag=97 err=0 text= Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SRCH base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0 filter="(uid=anonymous)" Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SRCH attr=radiusPassword radiusAllowed Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SRCH base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0 filter="(uid=anonymous)" Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SRCH attr=radiusPassword radiusAllowed Dec 3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SRCH base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0 filter="(uid=glinde)" Dec 3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SRCH attr=radiusPassword radiusAllowed Dec 3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SRCH base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0 filter="(uid=jinfan)" Dec 3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SRCH attr=radiusPassword radiusAllowed Dec 3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 3 08:55:05 sinclair slapd[11285]: conn=1264 fd=15 closed (idletimeout) Does make sense to query for anonymous? Thanks in advance Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html