On Tue, 12 Jul 2011 07:17 +0100, "Alexander Clouter" <alex@digriz.org.uk> wrote:
authorize { ...
if (Airespace-Wlan-Id == "student_ssid") { EAP_student } else { EAP_staff }
... }
Thanks for the hints! I think I've got my eap.conf set up as I need it. After some errors from freeradius and further document exploration, it looks like what I need for the authorize section is this: rewrite_called_station_id if(Called-Station-Ssid == "staff") { mschap_staff } if(Called-Station-Ssid == "lab") { mschap_lab } if(Called-Station-Ssid == "student_wpa") { ldap } if(Called-Station-Ssid == "student") { ldap } with the two different mschap modules sending the staff and lab AD domain options to ntlm_auth respectively. Unfortunately, this is failing, with the mschap modules returning noop. ldap does succeed at least, it binds to the ldap directory and checks the user, but then fails on authentication... [ldap] user nicholas_kartsioukas authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 +++[ldap] returns ok [...] ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. So, I'm not sure what I'm missing here :/ I'm apparently not grasping something very basic, but I don't know what it is. I've not been very successful at navigating the wiki, so far all I've found are lists of the config files and the same comments within the config files, but nothing regarding process flow through freeradius that indicates how requests are handled so I can better understand what each config section is actually doing.