Pls help: virtual server specific EAP-TTLS/PEAP inner tunnel setting
Hi all, We got 2 problems when setting up a virtual server (testing.mydomain) to handle requests for realm @testing.mydomain: 1. we defined a new ldap server in modules/ldap and want to use it for authorization/authentication of realm @testing.mydomain, but have no idea how to use it since the ldap server defined in sites-enabled/inner-tunnel is always used. Can we define another inner-tunnel for this new virtual server? 2. seems authentication requests go through authorize section in sites-enabled/default before proxying to virtual server testing.mydomain. Can we skip this step or tell radiusd to go through authorize section other than the default one? Would anyone pls help? Thanks a lot. Best Regards, /ST Wong
We got 2 problems when setting up a virtual server (testing.mydomain) to handle requests for realm @testing.mydomain:
1. we defined a new ldap server in modules/ldap and want to use it for authorization/authentication of realm @testing.mydomain, but have no idea how to use it since the ldap server defined in sites-enabled/inner-tunnel is always used. Can we define another inner-tunnel for this new virtual server?
That new server should have a name. Replace ldap entry in inner-tunnel with name of theis new ldap instance.
2. seems authentication requests go through authorize section in sites-enabled/default before proxying to virtual server testing.mydomain. Can we skip this step or tell radiusd to go through authorize section other than the default one?
Probably not. What if the user is not from that realm? If all users from certain NAS are going to be from that realm you can use listen section to divert traffic to a certain virtual server. Read raddb/sites-available/README. Ivan Kalik Kalik Informatika ISP
participants (2)
-
ST Wong (ITSC) -
tnt@kalik.net