different eap/tls config for different interfaces

Michael Griego mgriego at utdallas.edu
Sat Aug 6 05:34:26 CEST 2005

After I'm done with the rlm_eap_tls rewrites and rlm_eap updates, there 
will be functionality to have multiple EAP submodules of the same type 
with different configurations.  With this, you'll be able to force the 
use of a specific EAP type instance by its instance name.

In the meantime, if you want to avoid bringing up two servers, you *can* 
configure two EAP module instances, each with a different tls submodule 
configuration.  Force the Auth-Type to the EAP module with the correct 
tls configuration based on your criteria.  I've used this scenario in 
the past.


ragan_davis at colstate.edu wrote:

>Oh...duh...that makes sense.  Should have considered that.  I have since
>tested the behavior of the scenario I described, and Alan's on target. 
>Doesn't really seem to matter which interface I enter on, or which
>common-name I use.  Seems to work either way.
>thanks for the help!
>----- Original Message -----
>From: Kris Benson <kbenson at sd57.bc.ca>
>Date: Friday, August 5, 2005 5:28 pm
>Subject: Re: different eap/tls config for different interfaces
>>>ragan_davis at colstate.edu wrote:
>>>>If so, is it possible to have 2 different tls sections that service
>>>>the 2 different interfaces?
>>> No.  FreeRADIUS supports only 1 TLS module at a time.
>>What Alan forgot to mention is a solution.
>>If you run two copies of the Radius server, with one bound to 
>>either a
>>different set of ports, or one to each IP, you could have separate 
>>Kris Benson, CCP, I.S.P.
>>Technical Analyst, District Projects
>>School District #57 (Prince George)
>>List info/subscribe/unsubscribe? See 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list