Group verification with Multiple SSID
Hi, I have a use case where I have 2 SSID and 2 databases of users , one locally configured users in a group and other set of users on a LDAP server. SSID 1 - > Local group of users on radius server SSID 2 -> Set of user configured in LDAP Authentication : PEAP- MSCHAPv2 I have modified mschap module to do ntlm_auth for SSID2 and use default mschap module for SSID 1, So now I have 2 mschap module in my radiusd.conf and uses unland to place if-elsif condition in authroize and authenticate block. Above setup is working fine. But I also need to verify ldap group ( i.e. user belongs to group or not) , Issues is , for SSID 1 users , radiusd is trying to do a group comparison on ldap server , which eventually fails. I guess the reason for this we have 1 users file and for each user radiusd refers that , Their should be way for radiusd to know which user file to refer for each SSID. To solve the issues I have create 2 users file users - > for LDAP users group policy users_local -> for local users create 2 modules like this: *files_local* { usersfile = ${confdir}/*users_local* *----> Above created file* acctusersfile = ${confdir}/acct_users compat = no } and modified *authroize* block if (Wlan == "local") { * files_local * } elsif (Wlan == "ldap") { redundant { ldap_primary ldap_secondary } } else { *files_local* } It seems to be working , Just wanted to check with experts here , is this is the way to go ? or their is some other simpler way ?
participants (2)
-
Alan DeKok -
Chitrang Srivastava