On Wed, Aug 28, 2013 at 10:10:32AM +0400, Iliya Peregoudov wrote: > On 28.08.2013 9:48, Olivier Beytrison wrote: > >On 28.08.2013 00:20, Martin Kraus wrote: > >>Hi. I'm using groups to authorize users and pull radius profiles for the > >>users. > >>My config is similar to what the default freeradius configuration offers. > > Why not just call rlm_ldap from inner-tunnel post-auth section? This > will ensure it called only once and only if inner-tunnel > authentication succeeds.
I used to use mschapv2 for authentication so I had to lookup passwords in the authorize section. I'm not sure what would happen if I moved the lookups to post-auth so I'll need to setup some testing environment for it. mk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html