Did some further searching on the listing and noticed that it is possible to do a string compared in the authorize and authenticate sections. As users using PAP are connecting via one SSID and users using 802.1x(PEAP) are connecting using another SSID, I figure out that I can have a configuration with two different ldap settings, one checking just userPassword and another checking userPassword as well as an additional attribute via the parameter 'access_attr = "EAPaccess"'. Added the configuration as follows under authorize and authenticate sections in the site-enabled/default file. if (Cisco-AVPair == "ssid=mynetwork") { ldap1 } else { ldap } However running radius in debug mode will return the following error. (Attribute Cisco-AVPair was not found) I know that it is possible to match the Cisco-AVPair in the users file. Can we do the same in the authorize/authenticate sections as well? Thanks/Regards, Ryan On Wed, Apr 16, 2008 at 10:04 PM, Ryan <majereryan@gmail.com> wrote:
Hi All,
I'm currently using 2.0.3 with authentication via LDAP. Currently I have situation whereby there is a requirement to explore on limiting access to the various types of authentication available.
Is it possible to configure to do so? That is some users can authenticate using just PAP and some other users can connect using EAP-PEAP?
Thanks/Regards, Ryan