> I have a functional question about freeradius and the ldap lookups. We
> currently run cisco wlc440x with WPA2-AES-PEAP-MSCHAPv2 against
> freeradius, and it is taking a while to authenticate - roughly 35 seconds.
> It seems most of this is being chewed up by our slow ldap lookups (about
> 4-6 seconds each, this is an ldap server issue), in combination with the
> number of ldap lookups freeradius does per session (5-6). Is it normal
> for the freeradius server to perform this many ldap lookups, or do I have
> a configuration error? It seems like it does ldap calls each time it
> receives an access-request from an access-challenge.

It doesn't. It does it the first two times while the EAP type is established and then for inner tunnel requests.

> I've played with the
> controller auth timeouts, it doesn't seem to make a difference. Here is
> the debug output from a single session:

You can change the default EAP type in eap.conf to peap (it's mschapv2 now; leave mschapv2 in the peap section) and lose the first exchange.

Ivan Kalik
Kalik Informatika ISP
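
The change suggested in the reply, sketched as an eap.conf fragment. This is an added example, not configuration from the original thread; it assumes the stock eap.conf layout, and every setting not shown (including the existing tls section that PEAP depends on) stays as it is on the poster's server.

```conf
# eap.conf (fragment): only the lines relevant to the reply are shown
eap {
        # Before: default_eap_type = mschapv2
        # With mschapv2 as the outer default, the server first offers
        # EAP-MSCHAPv2, the PEAP client refuses it and asks for PEAP,
        # and that extra round trip costs additional LDAP lookups.
        #
        # After: offer PEAP straight away, so the first exchange is skipped.
        default_eap_type = peap

        peap {
                # Inner method inside the PEAP tunnel stays MSCHAPv2.
                default_eap_type = mschapv2
        }

        # The mschapv2 module must remain enabled for the inner tunnel.
        mschapv2 {
        }
}
```

Running the server in debug mode after the change and counting the LDAP searches for one session shows whether the first exchange has gone away.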