On 10/02/12 11:33, Riccardo Veraldi wrote:
Hello, I have a radius infrastructure with multiple ESSID. in particular I have the eduroam ESSID and another local ESSID. They are managed by my freeradius2 server with 2 virtual-server instances, one for eduroam and the other for my local ESSID. Both are 802.1x infrastructures.
I have always been disabling EAP-TLS in my local infrastructure writing this in the users file
DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
but now I need EAP-TLS to be avaliable for eduroam and I do not like the solution to have a completely different radius server,
If you have an "eduroam" SSID, what's going to stop your users connecting to that, and using EAP-TLS?
I wanted to do it with only one freeradius server with virtual server configuration.
Thus I need to enable EAP-TLS for eduroam and disable EAP-TLS for my local SSID.
Does your wireless platform let you set different radius servers per-SSID? If so, you can run a FreeRADIUS virtual server on separate ports.
How is possible to do this on freeradius2 ?
1. Define two virtual servers 2. Have them listen on different ports 3. Set the radius servers for the two SSIDs to the relevant ports 4. Write a different policy in each virtual server