Hello, I've recently installed a FreeRadius server (v1.1.6) on a Debian system to manage authentification on a Wifi mixed WPA/WPA2 (same SSID) network. Everything is ok but I want to use the same server for WPA (MAC athentification + captive portal) and WPA2 (EAP-TTLS + LDAP). I want your help to configure the radiusd.conf file : I want to translate the following code (will be ok in 2.0 version but I must do it now) like your examples in the Wiki ( http://wiki.freeradius.org/Fail-over , "More Complex Configuration" section) : [...] authorize { eap if ok { ldap1 ldap2 } else { files } } [...] How can I translate this with group and priority in order to work with 1.1.6version? Thanks in advance for your help! Regards Thibault
Thibault VIGNERON wrote:
I want to translate the following code (will be ok in 2.0 version but I must do it now) like your examples in the Wiki (http://wiki.freeradius.org/Fail-over , "More Complex Configuration" section) :
You will need to set Autz-Type by hand in a module. See doc/Autz-Type. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Thanks for you quick answer, I've read the doc about Autz-Type but in my case I want to authorize all clients by default (with captive portal for internet access) : My "users" file config is simple: [...] #BLACKLIST #00xxxxxxxxxe Auth-Type := Reject #ALLOW ALL CLIENTS BY DEFAULT DEFAULT Auth-Type := Accept [...] So I'm not an expert but I think I can't apply the Autz-Type solution here? Maybe I'm wrong? Last questions : Is it possible to do what I want (my boss in fact) with this type of "users" configuration? And is it possible to do mixed WPA (all mac allowed by default + captive portal) / WPA2 (EAP-TTLS + LDAP) authentification on the same FreeRadius server? I want to be sure that I could continue in this way with my actual config. Thanks you very much for your help! Regards Thibault 2007/4/27, Alan DeKok <aland@deployingradius.com>:
Thibault VIGNERON wrote:
I want to translate the following code (will be ok in 2.0 version but I must do it now) like your examples in the Wiki (http://wiki.freeradius.org/Fail-over , "More Complex Configuration" section) :
You will need to set Autz-Type by hand in a module. See doc/Autz-Type.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Thibault VIGNERON wrote:
So I'm not an expert but I think I can't apply the Autz-Type solution here? Maybe I'm wrong?
Yes, you can apply it. See the documentation.
Last questions : Is it possible to do what I want (my boss in fact) with this type of "users" configuration? And is it possible to do mixed WPA (all mac allowed by default + captive portal) / WPA2 (EAP-TTLS + LDAP) authentification on the same FreeRadius server?
EAP requires access to the users passwords for authentication to work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Thibault VIGNERON