pap + mac auth authentication problem

Frédéric Goudal frederic.goudal at bordeaux-inp.fr
Tue Oct 30 16:57:36 CET 2018


> Le 30 oct. 2018 à 16:51, Alan DeKok <aland at deployingradius.com> a écrit :
> 
> On Oct 30, 2018, at 10:45 AM, Frédéric Goudal <frederic.goudal at bordeaux-inp.fr> wrote:
>> I’m in the following situation :
>> - I have switches that share either wifi and wired connexions.
>> - on wifi connexion I have an eap/peap authentication
>> - what I want is that on wired connexion, if the user/password authentication fail, authentication is done on mac-adress with automatic vlan configuration.
>> 
>> I have a working wifi configuration on a first server
>> I have a working wired configuration on a second server
>> 
>> Is there any way to mix both on a single server ?
> 
>  Yes.
> 
>> The wifi configuration is :
> 
>  Please don't post configurations to the list.  We don't need to see them.

Different mailing list different usages, I don’t have them all in mind… some want the configuration some like this one don’t… 

>  We're also not going to edit the configurations for you, or create the custom configuration you want.

:) Did I ask for that ? No. (Answer of a tired admin sys that have been digging in what is self-called a documentation for several days)

>  What you have to do is look for differences in the packets, and then key off of those differences.  For WiFi, this means looking for EAP-Message:
> 
> authorize {
> 	if (EAP-Message) {
> 		... WiFi stuff ...
> 	}
> 	else {
> 		... MAC auth stuff...
> 	}
> }

Thanks.

f.g.







More information about the Freeradius-Users mailing list