Hi,
I have a use case where I have 2 SSID and 2 databases of users , one locally configured users in a group and other set of users on a LDAP server.
SSID 1 - > Local group of users on radius server
SSID 2 -> Set of user configured in LDAP
Authentication : PEAP- MSCHAPv2
I have modified mschap module to do ntlm_auth for SSID2 and use default mschap module for SSID 1, So now I have 2 mschap module in my radiusd.conf and uses unland to place if-elsif condition in authroize and authenticate block.
Above setup is working fine.
But I also need to verify ldap group ( i.e. user belongs to group or not) ,
Issues is , for SSID 1 users , radiusd is trying to do a group comparison on ldap server , which eventually fails. I guess the reason for this we have 1 users file and for each user radiusd refers that , Their should be way for radiusd to know which user file to refer for each SSID.
To solve the issues I have create 2 users file
users - > for LDAP users group policy
users_local -> for local users
create 2 modules like this:
files_local {
usersfile = ${confdir}/users_local ----> Above created file
acctusersfile = ${confdir}/acct_users
compat = no
}
and modified authroize block
if (Wlan == "local") {
files_local
}
elsif (Wlan == "ldap") {
redundant {
ldap_primary
ldap_secondary
}
}
else {
files_local
}
It seems to be working , Just wanted to check with experts here , is this is the way to go ?
or their is some other simpler way ?