I have a fairly standard config, using EAP/TTLS and an LDAP back end. Both EAP and non-EAP requests need to do LDAP lookups.
It's working well (I did very little customizing), except I see a lot of the anonymous outer id's getting sent to the LDAP servers. I moved EAP above LDAP in the config, and it seems to have eliminated those when EAP returns 'ok', but I'm still seeing some. It looks like when EAP returns 'updated' it still runs anonymous through LDAP. I noticed the eap def has ok = return, should I add updated = return to avoid the anonymous LDAP lookups? -John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
