You'll have to set up two instances of the EAP module. The first instance will have the TLS submodule set up with the information for Cert1.pem (and the appropriate key and CA cert). The second instance will have its TLS submodule set with the info for Cert2.pem. It will look something like this: modules { ... eap eap1 { ... tls { certificate = Cert1.pem ... } } eap eap2 { ... tls { certificate = Cert2.pem ... } } } authorize { ... eap1 } authenticate { ... eap1 eap2 } Then, this is one of the few instances where you'll need to manually specify the Auth-Type in the users file, like this: DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1 DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2 Or, better yet, use regexes (this should work): DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1 --Mike On May 24, 2007, at 8:20 AM, Wolfgang Burger wrote:
Hi,
i´ve set up a freeRadius-Server (1.1.6) on OS X 10.3.9. I'm using it to authenticate my Wireless-LAN with 802.1X, EAP and self created certificates. Evertything works well so far.
Is there any possibility to select different certificate_files and private_key_files, deppending on the Called-Station-ID of the request?
As like: Called-Station-ID = "00112233445566:SSID1" -> Use Cert1.pem Called-Station-ID = "00112233445566:SSID2" -> Use Cert2.pem
Thank you so much for any help.
Kind Regards / Mit freundlichen Grüßen
Wolfgang Burger <burgerw@immunbio.mpg.de>
Max-Planck-Institut fuer Immunbiologie Scientific Data Processing Unit (+00 49) 761 / 5108 461 Stuebeweg 51 D-79108 Freiburg Germany - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html