On Tue, Aug 27, 2013 at 05:20:32PM -0400, Alan DeKok wrote:
> Again, look at the debug log to see what's happening. *WHY* are you
> doing LDAP lookups at all? Can you not delay them?

Hi. I'm using groups to authorize users and pull RADIUS profiles for the users. My config is similar to what the default FreeRADIUS configuration offers.

> And rlm_cache should help a lot, too.

I'm stuck with 2.1.10 on Ubuntu :-(

Anyway, I managed to filter out most of the redundant LDAP lookups. The only thing I'm stuck with is lookups during TLS negotiation, either in the default server for EAP-TLS or in the inner-tunnel server for EAP-TTLS/EAP-TLS. The handshake takes 8 access-requests, and the only way I can see to filter it out is to somehow find out if the EAP-Message AVPs contain something to tell me whether it's about to be done or not. For EAP-TTLS and PEAP the eap module in the authorize section returns "ok", which jumps out of the authorize section so the eap module in the authentication section can process it. But for EAP-TLS it returns "handled", so the whole authorize section gets parsed.

mk
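Added example, not part of the original message and not FreeRADIUS code: a Python decoder for what the EAP-Message attribute discussed above carries, namely the EAP header (RFC 3748) and the flags octet shared by EAP-TLS, EAP-TTLS and PEAP (RFC 5216). The function names, the `is_identity_round` policy and the sample bytes are assumptions constructed for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_TYPES = {13, 21, 25}            # methods that carry the TLS flags octet
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20

def parse_eap(msg: bytes) -> dict:
    """Decode one EAP packet (all EAP-Message values of a request, concatenated)."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", msg[:4])
    if length < 4 or length > len(msg):
        raise ValueError("EAP length field does not match the data")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "flags": None, "tls_length": None, "payload": 0}
    if code in (1, 2) and length >= 5:   # only Request/Response carry a Type
        etype = msg[4]
        out["type"] = EAP_TYPES.get(etype, etype)
        body = msg[5:length]
        if etype in TLS_TYPES and body:
            flags, body = body[0], body[1:]
            out["flags"] = "".join(
                n for n, b in (("L", FLAG_L), ("M", FLAG_M), ("S", FLAG_S)) if flags & b)
            if flags & FLAG_L:           # L: 4-byte total TLS message length follows
                if len(body) < 4:
                    raise ValueError("L flag set but TLS length missing")
                out["tls_length"] = struct.unpack("!I", body[:4])[0]
                body = body[4:]
        out["payload"] = len(body)
    return out

def is_identity_round(msg: bytes) -> bool:
    """Hypothetical policy: True only for the EAP-Response/Identity that opens a session."""
    p = parse_eap(msg)
    return p["code"] == "Response" and p["type"] == "Identity"

# Constructed sample packets (not captured traffic).
IDENTITY = bytes([2, 1, 0, 9, 1]) + b"user"
FIRST_FRAGMENT = bytes([2, 2, 0, 14, 13, 0xC0]) + struct.pack("!I", 1500) + b"\x16\x03\x01\x00"
EMPTY_ACK = bytes([2, 9, 0, 6, 13, 0x00])

if __name__ == "__main__":
    for name, pkt in (("identity", IDENTITY), ("fragment", FIRST_FRAGMENT), ("ack", EMPTY_ACK)):
        print(name, parse_eap(pkt), is_identity_round(pkt))
```

An empty EAP-TLS response both acknowledges a fragment and follows the server's last handshake message, so the header fields alone do not distinguish the two.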

