I've solved the problem intercepting Airespace-Wlan-Id, and creating a reject rule in mysql for auth-type attribute, in radgroupreply…..posts on freeradius list has helped a lot. In this way users defined in mysql , say guest accounts, are not allows to associate to ad_wifi, while AD users are allowed to access both. Regards, Paolo. On 23/apr/2012, at 08:31, Alan DeKok wrote:
Paolo Barbato wrote:
Is it possible configure freeradius to select a specific authentication mechanism on a wlan basis ?
Yes.
Considering to have a couple of wlan , say ad_wifi and sql_wifi, I would allow only Active Directory authenticated users to associate to ad_wifi , while only users defined on a mySQL db can connect to sql_wifi.
As always, write the rules based on what's in the packets. DON'T talk about concepts. They're too vague.
Read the packets, and write the rules based on that.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------------------------------ Paolo Barbato Consorzio RFX corso Stati Uniti,4 35127 Padova - Italy Network Administrator phone: +39 049 8295097 fax: +39 049 8700718 ------------------------------------------------------------------------------------------------