Hello, Thanks guys for your help on this!! I configured 2 instances of mschap, one for machine auth and the other for users and called the machine auth one based on the user name containing 'host'. Everything works well now :) And the virtual servers is a good idea! Cheers, - Trevor On Mon, Jun 27, 2016 at 4:31 AM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
When I use the unlang condition to check for host in the User-Name, would it go under 'sites-enabled/default' authenticate section?
if thats the main virtual server that requests go through - then yes. would advise that you create your own virtual servers and have the relevant client definitions pointing to them - allowing you trivial isolation of different policies (eg for eduroam, put requests form national proxies straight through a minimal virtual server that starts with permit_only_eap and then just auths - with pap,mschap,etc etc all removed in the outer...and only the required EAP method in inner. no VLAN assign etc etc. then your internal virtual server (for host auth/user auth etc) can have all this stuff for internal requirements...
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html