limiting login for particular purpose

dump at gmx.info
Sun May 22 00:49:09 CEST 2016


Dear list.

I have the following scenario:

Access to a WLAN is granted by FreeRADIUS using MySQL as backend. For
administration purposes Apache with PHP is running. Users are able to
change their passwords via a simple web page. The authentication is
performed via a PHP RADIUS module and a direct connection to the
inner-tunnel.

I want to add a small administration page and I want to use RADIUS via
PHP too for authentication of the admin. But I want to ensure that the
administration account can only be used for logging in to the
administration section and not for logging in to the WiFi net.

I don't want to use realms for this purpose. I thought using the
Auth-Type directive in the radcheck or radgroupcheck table and
forbidding EAP authentication could be a possibility. But I don't know
how to arrange this.

Does somebody have some hints or another possibility for achieving what
is described above?

Jens



