Pls help: virtual server specific EAP-TTLS/PEAP inner tunnel setting

tnt at kalik.net
Mon Mar 2 11:38:24 CET 2009


>We got 2 problems when setting up a virtual server (testing.mydomain) to
>handle requests for realm @testing.mydomain:
>
>1. we defined a new ldap server in modules/ldap and want to use it for
>authorization/authentication of realm @testing.mydomain, but have no
>idea how to use it since the ldap server defined in
>sites-enabled/inner-tunnel is always used.  Can we define another
>inner-tunnel for this new virtual server?
>

That new server should have a name. Replace the ldap entry in inner-tunnel
with the name of this new ldap instance.

>2. seems authentication requests go through authorize section in
>sites-enabled/default before proxying to virtual server
>testing.mydomain.  Can we skip this step or tell radiusd to go through
>authorize section other than the default one?

Probably not. What if the user is not from that realm? If all users from
a certain NAS are going to be from that realm, you can use a listen section
to divert traffic to a certain virtual server. Read
raddb/sites-available/README.

Ivan Kalik
Kalik Informatika ISP
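
The two suggestions above written out as FreeRADIUS 2.x configuration. This is an added example, not part of the original message. The instance name ldap_testing, the LDAP host, the base DN and the listen address are constructed placeholders.

```conf
# raddb/modules/ldap
# A second, named instance of the ldap module. The name after "ldap"
# is what the virtual servers reference. All values are placeholders.
ldap ldap_testing {
	server = "ldap.testing.example"
	basedn = "dc=testing,dc=example"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

# raddb/sites-enabled/inner-tunnel
# The EAP-TTLS/PEAP inner requests are processed here, so this is
# where the named instance replaces the plain "ldap" entry.
server inner-tunnel {
	authorize {
		suffix
		eap {
			ok = return
		}
		ldap_testing		# was: ldap
	}
	authenticate {
		Auth-Type LDAP {
			ldap_testing	# was: ldap
		}
		eap
	}
}

# raddb/sites-enabled/testing.mydomain
# A listen section inside the server block sends everything arriving
# on this socket straight to this virtual server, bypassing the
# authorize section of sites-enabled/default. It assumes the NAS for
# this realm is pointed at a dedicated address (placeholder below)
# that no other listen section already binds.
server testing.mydomain {
	listen {
		type = auth
		ipaddr = 192.0.2.10
		port = 1812
	}
	authorize {
		suffix
		eap
	}
	authenticate {
		eap
	}
}
```

Running `radiusd -X` after the change shows which virtual server and which module instance handle each request, which confirms that the inner tunnel no longer queries the original LDAP server.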