Rainer Brinkmann wrote: > FreeRADIUS Version 1.1.0: > > Hello, > we run EAP-TTLS and what we get in Debug-Mode is, that every received > EAP-Packet within the TLS-Tunnel-establish runs the complete > authorize-section and slows down the overall time to create a TTLS-Tunnel. > Reason is, that the User-Name e.g. "NTB-BRINK-610", which is the > EAP-Identity, comes with every received EAP-Packet and is always checked > against the full authorize-section. Is it possible to skip this redundant > checks in the following EAP-responses that build a specific EAP-Session? > (the EAP-Idents cant be resolved in our LDAP, cause that machinenames are > always unknown to us. What we have to check are the inner-Tunnel - > credentials) > > kind regards > > Rainer Brinkmann > Network-Management > University-Clinicum Hamburg / Germany > > >
Yep, this issue is reduced in 2.0 pre1 , the eap module will return handled (so will skip the rest of the authorise and authenticate sections) when it doesn't need to authenticate the user, or acquire attributes for authorisation/ authentication. 2.0pre1 brings to number of full autz/auth runs, down to around 3-4 per EAP authentication. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html