Jeffrey Collyer wrote:
> setup information that I failed to explain properly the first time:
> freeradius 2.1.7 is used to authenticate wireless users with eap-tls

  Well... that would have been nice to say.

> I started with a default configuration and added ldap to it in the
> sites-enabled/default file's authorize section. And it worked
> authenticating the client, but with many (about a dozen) ldap lookups.

  Because there are about a dozen EAP packet exchanges.

> Then I realized that the 'tls' section of the modules/eap.conf file
> doesn't have a virtual_server directive, but even after putting that in
> the 'tls' section, it still doesn't run an ldap query when I try to
> authenticate.

  Because the "virtual_server" directive doesn't belong in the "tls" section.

> So my assumption is that the eap module doesn't use the inner tunnel for
> tls.

  Yes.

  The solution is to move the LDAP checks to the "post-auth" stage.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
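One concrete way to do what Alan suggests, as an added example that is not part of the original thread or of the FreeRADIUS distribution: the ldap call is taken out of authorize (which runs on every EAP round trip) and run once in post-auth, after the EAP-TLS handshake has already verified the client certificate. It assumes FreeRADIUS 2.x unlang's `module.method` call syntax (`ldap.authorize`), the stock `ldap` module instance name, that the handshake has placed `TLS-Client-Cert-Common-Name` in the request by the time post-auth runs, and an LDAP schema where `uid` holds the certificate CN; those are assumptions, not facts from the thread.

```unlang
# Added example, not from the original post. Assumes FreeRADIUS 2.1.x,
# the stock "ldap" module instance, unlang's module.method call syntax,
# and that TLS-Client-Cert-Common-Name is in the request at post-auth.

# raddb/modules/ldap  (only the filter is changed; other settings are stock)
ldap {
        # Look the entry up by the client certificate's CN, falling back to
        # User-Name for non-TLS requests. "uid" is an assumed schema attribute.
        filter = "(uid=%{TLS-Client-Cert-Common-Name:-%{User-Name}})"
        # ... server, basedn, identity, password etc. left as in the stock file
}

# raddb/sites-enabled/default
authorize {
        preprocess
        suffix
        # No "ldap" here: authorize runs for every EAP packet, so an ldap
        # lookup in this section runs about a dozen times per login.
        eap {
                ok = return
        }
        files
}

authenticate {
        eap
}

post-auth {
        # post-auth runs once, on the final Access-Accept, after EAP-TLS has
        # validated the certificate. Only act when a client cert is present.
        if (TLS-Client-Cert-Common-Name) {
                # Call the module's authorize method explicitly: a bare "ldap"
                # in post-auth would invoke the module's post-auth method instead.
                ldap.authorize
                if (notfound) {
                        # Valid certificate but no directory entry: turn the
                        # Access-Accept into an Access-Reject.
                        update reply {
                                Reply-Message := "no directory entry for this certificate"
                        }
                        reject
                }
        }
        exec
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}
```

With this layout a revoked or departed user whose certificate is still valid is refused on the single post-auth lookup, and the LDAP server sees one query per login instead of one per EAP packet. Because a "reject" from post-auth rewrites the reply and runs Post-Auth-Type REJECT, the Reply-Message survives only if attr_filter.access_reject permits it, as the stock filter does.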