James <list-freeradius@qujo.com> wrote:
My end-users right now are getting authenticated by the login-based
mysql radcheck table from freeradius and they are coming from multiple
locations through a web-based portal redirected by their gateway.
They're being authenticated by the web portal?
The connection is setup like this:
1. Laptop -> AP -> Gateway -> RADIUS & DSL Modem
2. The Gateway redirects clients to a custom web portal on the web.
3. when a client creates an account on the web portal, the web portal
has a custom login form for the gateway.
4. when the click on submit on the custom login form , it POST's to the
gateway and the gateway communicates back to the RADIUS and them gives
them access.
My question is, if there is a way to setup freeradius for example: to
allow for 3 locations to login through the login based authentication
(the way it is setup right now) and at the same time grant 2 other
locations access without the need of using login based authentication,
So you're asking that some people get forced to use the web portal,
and others bypass it?
Right now, people are already going through the web portal or are
already "forced to use the web portal" to get authenticated. so what I
am asking for is: if there is a way to setup RADIUS to somehow send a
message or configuration attribute to the gateway to allow any clients
connected to the gateway to access the internet without extra
authentication aside from simply connecting to the gateway itself.
This isn't a RADIUS problem. You're asking that some people (you
don't say how you determine that) bypass authentication... which means
bypassing RADIUS.
I don't see how RADIUS can tell people who don't use RADIUS that
they don't need to use RADIUS.
Alan Dekok.
Sorry if I was not clear before, I was not asking to bypass RADIUS at
all, please see the previous message.