how to disable a particular EAP type in freeradius2 for a particular ESSID?
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 10 12:57:54 CET 2012

On 10/02/12 11:33, Riccardo Veraldi wrote:
> Hello,
> I have a radius infrastructure with multiple ESSID.
> In particular I have the eduroam ESSID and another local ESSID.
> They are managed by my freeradius2 server with 2 virtual-server
> instances, one for eduroam and the other for my local ESSID.
> Both are 802.1x infrastructures.
>
> I have always been disabling EAP-TLS in my local infrastructure by writing
> this in the users file
>
> DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
>
> but now I need EAP-TLS to be available for eduroam and I do not like the
> solution of having a completely different radius server,
If you have an "eduroam" SSID, what's going to stop your users 
connecting to that, and using EAP-TLS?
> I wanted to do it with only one freeradius server with virtual server
> configuration.
>
> Thus I need to enable EAP-TLS for eduroam and disable EAP-TLS for my
> local SSID.
Does your wireless platform let you set different radius servers 
per-SSID? If so, you can run a FreeRADIUS virtual server on separate ports.
>
> How is it possible to do this on freeradius2?
  1. Define two virtual servers
  2. Have them listen on different ports
  3. Set the radius servers for the two SSIDs to the relevant ports
  4. Write a different policy in each virtual server
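
The four steps above as a FreeRADIUS 2 configuration fragment. This is an added example, not configuration from the thread or from the FreeRADIUS project. The server names, the port 1822, and the unlang form of the poster's users-file rule are assumptions; it also assumes the stock "eap" module instance and that EAP-Type is populated once "eap" has run in authorize, which the quoted users-file rule already relies on.

```text
# Virtual server for the eduroam SSID: EAP-TLS stays available.
server eduroam {
	listen {
		type = auth
		ipaddr = *
		port = 1812          # the NAS serving the eduroam SSID points here
	}
	authorize {
		eap              # no EAP-Type restriction in this server
		# ... the other authorize modules from the existing eduroam server
	}
	authenticate {
		eap
	}
}

# Virtual server for the local SSID: same EAP module, but EAP-TLS refused.
server local {
	listen {
		type = auth
		ipaddr = *
		port = 1822          # assumed free port; the local SSID points here
	}
	authorize {
		eap
		# Per-server replacement for the global users-file rule
		#   DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
		# (assumption: the value name EAP-TLS is taken from that rule)
		if (EAP-Type == EAP-TLS) {
			reject
		}
		# ... the other authorize modules from the existing local server
	}
	authenticate {
		eap
	}
}
```

The global DEFAULT rule in the users file has to be removed (or kept out of the files instance the eduroam server calls), otherwise EAP-TLS is still rejected for both SSIDs. Running the server in debug mode and authenticating once against each port shows which virtual server handled the request and whether the reject fired.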
    
    