Hi,

I have a use case where I have 2 SSIDs and 2 databases of users: one set of locally configured users in a group, and another set of users on an LDAP server.

SSID 1 -> Local group of users on the RADIUS server
SSID 2 -> Set of users configured in LDAP
Authentication: PEAP-MSCHAPv2

I have modified the mschap module to do ntlm_auth for SSID 2 and use the default mschap module for SSID 1. So now I have 2 mschap modules in my radiusd.conf and use unlang to place an if-elsif condition in the authorize and authenticate blocks.

The above setup is working fine.

But I also need to verify the LDAP group (i.e. whether the user belongs to a group or not).
The issue is that for SSID 1 users, radiusd is trying to do a group comparison on the LDAP server, which eventually fails. I guess the reason for this is that we have 1 users file and radiusd refers to it for each user. There should be a way for radiusd to know which users file to refer to for each SSID.

To solve the issue I have created 2 users files:
users -> for LDAP users group policy
users_local -> for local users

and created 2 modules like this:

    files files_local {
        # users file created above
        usersfile = ${confdir}/users_local
        acctusersfile = ${confdir}/acct_users
        compat = no
    }

and modified the authorize block:

    if (Wlan == "local") {
        files_local
    }
    elsif (Wlan == "ldap") {
        redundant {
            ldap_primary
            ldap_secondary
        }
    }
    else {
        files_local
    }

It seems to be working. I just wanted to check with the experts here: is this the way to go, or is there some other simpler way?