Hi,

> I have 2.1.6 and things basically work. But I just came across a
> question about the processing of outer/inner identity:
>
> As I understand it, in case of a non-EAP RADIUS request (eg from my old
> modem servers), there is no tunnel and hence no inner identity.
> ==> Autz and Auth are done by the default virtual server and governed by
> the settings in radiusd.conf and sites-available/default -- right?
>
> In case of an EAP request (we do EAP-TTLS and PEAP-MSCHAPv2), the outer
> identity is simply used as a dummy during Tunnel setup
> (Our EAP Clients use [email protected] as outer identity).
> Nonetheless, freeradius does an LDAP request during Authorization
> which, of course, fails with 'notfound'. freeradius then happily
> proceeds to do the real authentication with inner-tunnel.
> Now I wonder how to avoid that extra LDAP query.
>
> Here's my config (ldap123 refers to a virtual module doing
> redundant-load-balance with 3 LDAP servers):

something in your users file is matching and enforcing LDAP ;-)

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

