different eap/tls config for different interfaces
mgriego at utdallas.edu
Sat Aug 6 05:34:26 CEST 2005
After I'm done with the rlm_eap_tls rewrites and rlm_eap updates, there
will be functionality to have multiple EAP submodules of the same type
with different configurations. With this, you'll be able to force the
use of a specific EAP type instance by its instance name.
In the meantime, if you want to avoid bringing up two servers, you *can*
configure two EAP module instances, each with a different tls submodule
configuration. Force the Auth-Type to the EAP module with the correct
tls configuration based on your criteria. I've used this scenario in
ragan_davis at colstate.edu wrote:
>Oh...duh...that makes sense. Should have considered that. I have since
>tested the behavior of the scenario I described, and Alan's on target.
>Doesn't really seem to matter which interface I enter on, or which
>common-name I use. Seems to work either way.
>thanks for the help!
>----- Original Message -----
>From: Kris Benson <kbenson at sd57.bc.ca>
>Date: Friday, August 5, 2005 5:28 pm
>Subject: Re: different eap/tls config for different interfaces
>>>ragan_davis at colstate.edu wrote:
>>>>If so, is it possible to have 2 different tls sections that service
>>>>the 2 different interfaces?
>>> No. FreeRADIUS supports only 1 TLS module at a time.
>>What Alan forgot to mention is a solution.
>>If you run two copies of the Radius server, with one bound to
>>different set of ports, or one to each IP, you could have separate
>>Kris Benson, CCP, I.S.P.
>>Technical Analyst, District Projects
>>School District #57 (Prince George)
>>List info/subscribe/unsubscribe? See
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users