Hi,

> I have a fairly standard config, using EAP/TTLS and an LDAP back end. Both
> EAP and non-EAP requests need to do LDAP lookups.
>
> It's working well (I did very little customizing), except I see a lot of the
> anonymous outer IDs getting sent to the LDAP servers. I moved EAP above
> LDAP in the config, and it seems to have eliminated those when EAP returns
> 'ok', but I'm still seeing some. It looks like when EAP returns 'updated' it
> still runs anonymous through LDAP.
>
> I noticed the eap def has ok = return, should I add updated = return to avoid
> the anonymous LDAP lookups?

1.x or 2.x? In 2.x you can configure EAP to use the inner-tunnel virtual server, and then it'll stop hitting the outer authentication LDAP.

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
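
The setup discussed in this thread, written out as an added example for FreeRADIUS 2.x (not taken from the thread or from the project's shipped files). The file layout follows the stock 2.x tree, and PAP as the inner method and the exact module lists are assumptions.

```conf
# --- eap.conf -------------------------------------------------------
# Send the tunnelled (inner) request to its own virtual server, so the
# real User-Name is processed there and not in the outer sections.
eap {
	ttls {
		virtual_server = "inner-tunnel"
	}
}

# --- sites-enabled/default (outer server) ---------------------------
# For EAP requests this section sees only the anonymous outer identity.
authorize {
	preprocess

	# eap must come before ldap. It returns noop for non-EAP requests,
	# so those fall through to ldap below.
	eap {
		ok = return        # stock setting mentioned in the question
		updated = return   # assumption: the addition the poster asks about;
		                   # stops here once eap has set Auth-Type
	}

	ldap                   # reached by non-EAP requests only
	pap
}

# --- sites-enabled/inner-tunnel -------------------------------------
server inner-tunnel {
	authorize {
		ldap               # lookup on the real (inner) User-Name
		pap                # assumption: TTLS/PAP as the inner method
	}

	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

To confirm the change, run the server with `radiusd -X` and check that the `ldap` module no longer appears in the outer authorize pass for EAP requests.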

