Multiple Home Server for authentication

Rosario Lumia eryter at
Wed Mar 3 18:17:06 CET 2010

Thank you Alan, your help was precious and (I hope) needful.
In the next days I will send my (hopefully) configuration, if you consider
it appropriate.


Rosario L.

2010/3/3 Alan Buxey <A.L.M.Buxey at>

> Hi,
> > I'm tryng to use Freeradius 2.x for managing a complex architecture. I
> use the 802.1x standard for wireless authentication.
> > I need to authenticate users that have passwords in different
> authentication server whit different protocol (TTLS/PAP or PEAP/MSCHAPv2)
> and i'd want to proxy the requests tryng to authenticate in first auth
> server and more if the auth fails.
> > Can I get this feature simply listing home servers in home_server_pool
> module in proxy.conf file?
> not easily or at all if you use proxying - as all you'll get back is a
> reject/fail and
> that'll be it.
> ideally what you want to do is configure the FreeRADIUS server to talk to
> both of the
> authentication servers....and if the first one fails then dont care and
> continue onto
> the second one...etc etc. you need to check the fail-over section of the
> particularly the 'More Complex Configurations' section.
> we actually use this to talk to 2 AD systems and 2 Kerberos systems -
> because
> people are in one or the other...each system has different credentials and
> different DOMAIN etc...but the mschap and krb5 sections of FreeRADIUS are
> very flexible
> (we took the modules and have a mschap-new and mschap-old etc with correct
> parts in).
> works great! PEAP, TTLS etc - we dont care. we just deal with it.
> alan
> -
> List info/subscribe/unsubscribe? See

Rosario L.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list