GUID based Authentication on FreeRadius
r at bott.im
Wed Dec 28 18:19:33 CET 2011
We have two different SSIDs - one with EAP-TLS for company-owned mobile
devices (which will automatically receive a machine certificate to
validate that) and a second one with PEAP and local users stored in a
Both SSIDs correspond to separate VLANs on the wireless controllers -
would that be a solution for your scenario?
The second SSID/VLAN offers only limited access to company ressources. I
guess it would be no great deal to switch the PEAP authentication
backend from the local userfile to LDAP/Active Directory, if that is
Am 28.12.2011 16:13, schrieb McSparin, Joe:
> Well that answers that then.
> My goal is, I have users that will connect wirelessly using their NT
> domain username and password on the hospitals wireless devices.
> I also however have doctors that will bring in their own laptops and
> connect. When they connect with their laptops though I do not want them
> to have the same privileges as when they connect on the hospital
> wireless devices.
> If they are connecting with their home laptops even though they use
> their Ntdomain user name and password which the radius server will
> accept I want to restrict them to a public vlan.
> If they connect using a hospital device then I want it to assign them to
> a vlan based on their NTDomain User Group. Since this is a hospital I
> have to have pretty strict security regulations with users.
> Joseph R. McSparin
> Network Administrator
> Hill Country Memorial Hospital
> 830 990 6638 phone
> 830 990 6623 fax
> jmcsparin at hillcountrymemorial.org
> -----Original Message-----
> freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freerad
> [mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists
> .freeradius.org] On Behalf Of Alan DeKok
> Sent: Wednesday, December 28, 2011 8:25 AM
> To: FreeRadius users mailing list
> Subject: Re: GUID based Authentication on FreeRadius
> McSparin, Joe wrote:
>> Anyone know if this is possible. I have found information on MAC
>> Authentication but nothing on GUID.
> What does that mean?
> The GUID isn't sent in a RADIUS packet. So doing GUID authentication
> makes no sense.
> Alan DeKok.
> List info/subscribe/unsubscribe? See
Mit freundlichen Grüßen / With kind regards
More information about the Freeradius-Users