GUID based Authentication on FreeRadius

Rudolph Bott r at bott.im
Wed Dec 28 18:19:33 CET 2011


We have two different SSIDs - one with EAP-TLS for company-owned mobile 
devices (which will automatically receive a machine certificate to 
validate that) and a second one with PEAP and local users stored in a 
radius userfile.
Both SSIDs correspond to separate VLANs on the wireless controllers - 
would that be a solution for your scenario?
The second SSID/VLAN offers only limited access to company resources. I 
guess it would be no great deal to switch the PEAP authentication 
backend from the local userfile to LDAP/Active Directory, if that is 
required.

On 28.12.2011 16:13, McSparin, Joe wrote:
> Well that answers that then.
> My goal is, I have users that will connect wirelessly using their NT
> domain username and password on the hospital's wireless devices.
> I also however have doctors that will bring in their own laptops and
> connect.  When they connect with their laptops though I do not want them
> to have the same privileges as when they connect on the hospital
> wireless devices.
> If they are connecting with their home laptops even though they use
> their Ntdomain user name and password which the radius server will
> accept I want to restrict them to a public vlan.
> If they connect using a hospital device then I want it to assign them to
> a vlan based on their NTDomain User Group.  Since this is a hospital I
> have to have pretty strict security regulations with users.
>
> Thanks,
>
>
> Joseph R. McSparin
> Network Administrator
> Hill Country Memorial Hospital
> 830 990 6638 phone
> 830 990 6623 fax
> jmcsparin at hillcountrymemorial.org
>
> -----Original Message-----
> From: freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org
> [mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org]
> On Behalf Of Alan DeKok
> Sent: Wednesday, December 28, 2011 8:25 AM
> To: FreeRadius users mailing list
> Subject: Re: GUID based Authentication on FreeRadius
>
> McSparin, Joe wrote:
>> Anyone know if this is possible.  I have found information on MAC Based
>> Authentication but nothing on GUID.
>
>    What does that mean?
>
>    The GUID isn't sent in a RADIUS packet.  So doing GUID authentication
>    makes no sense.
>
>    Alan DeKok.


-- 
With kind regards
   Rudolph Bott
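
The split described in this message (certificate-based EAP-TLS for company devices, PEAP for everything else) can also be enforced by the RADIUS server on a single SSID. The following is an added example, not configuration from this thread or from the FreeRADIUS project: an unlang policy for the `post-auth` section of the outer virtual server that assigns a VLAN by EAP method. The VLAN IDs 10 and 99 are placeholders, and it assumes the `eap` module has set `EAP-Type` on the request and that this virtual server serves only the wireless controllers.

```unlang
post-auth {
    # EAP method numbers are the IANA-assigned values:
    # 13 = EAP-TLS, 25 = PEAP.
    if (EAP-Type == 13) {
        # The client proved possession of a machine certificate,
        # so treat it as a company-owned device.
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            # Placeholder ID for the internal VLAN.
            Tunnel-Private-Group-Id := "10"
        }
    }
    elsif (EAP-Type == 25) {
        # Username and password only: valid credentials, unknown device.
        # Restrict it regardless of the user's group membership.
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            # Placeholder ID for the restricted VLAN.
            Tunnel-Private-Group-Id := "99"
        }
    }
    else {
        # Any other method is unexpected on this network (assumption).
        reject
    }
}
```

The access points or controllers must be configured to honour these tunnel attributes for dynamic VLAN assignment.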


