GUID based Authentication on FreeRadius

Rudolph Bott r at
Wed Dec 28 18:19:33 CET 2011

We have two different SSIDs - one with EAP-TLS for company-owned mobile 
devices (which will automatically receive a machine certificate to 
validate that) and a second one with PEAP and local users stored in a 
radius userfile.
Both SSIDs correspond to separate VLANs on the wireless controllers - 
would that be a solution for your scenario?
The second SSID/VLAN offers only limited access to company ressources. I 
guess it would be no great deal to switch the PEAP authentication 
backend from the local userfile to LDAP/Active Directory, if that is 

Am 28.12.2011 16:13, schrieb McSparin, Joe:
> Well that answers that then.
> My goal is, I have users that will connect wirelessly using their NT
> domain username and password on the hospitals wireless devices.
> I also however have doctors that will bring in their own laptops and
> connect.  When they connect with their laptops though I do not want them
> to have the same privileges as when they connect on the hospital
> wireless devices.
> If they are connecting with their home laptops even though they use
> their Ntdomain user name and password which the radius server will
> accept I want to restrict them to a public vlan.
> If they connect using a hospital device then I want it to assign them to
> a vlan based on their NTDomain User Group.  Since this is a hospital I
> have to have pretty strict security regulations with users.
> Thanks,
> Joseph R. McSparin
> Network Administrator
> Hill Country Memorial Hospital
> 830 990 6638 phone
> 830 990 6623 fax
> jmcsparin at
> -----Original Message-----
> From:
> at lists.freerad
> [ at lists
>] On Behalf Of Alan DeKok
> Sent: Wednesday, December 28, 2011 8:25 AM
> To: FreeRadius users mailing list
> Subject: Re: GUID based Authentication on FreeRadius
> McSparin, Joe wrote:
>> Anyone know if this is possible.  I have found information on MAC
> Based
>> Authentication but nothing on GUID.
>    What does that mean?
>    The GUID isn't sent in a RADIUS packet.  So doing GUID authentication
> makes no sense.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Mit freundlichen Grüßen / With kind regards
   Rudolph Bott

More information about the Freeradius-Users mailing list