different eap/tls config for different interfaces
Michael Griego
mgriego at utdallas.edu
Sat Aug 6 05:34:26 CEST 2005
After I'm done with the rlm_eap_tls rewrites and rlm_eap updates, there
will be functionality to have multiple EAP submodules of the same type
with different configurations. With this, you'll be able to force the
use of a specific EAP type instance by its instance name.
In the meantime, if you want to avoid bringing up two servers, you *can*
configure two EAP module instances, each with a different tls submodule
configuration. Force the Auth-Type to the EAP module with the correct
tls configuration based on your criteria. I've used this scenario in
the past.
--Mike
ragan_davis at colstate.edu wrote:
>Oh...duh...that makes sense. Should have considered that. I have since
>tested the behavior of the scenario I described, and Alan's on target.
>Doesn't really seem to matter which interface I enter on, or which
>common-name I use. Seems to work either way.
>
>thanks for the help!
>
>----- Original Message -----
>From: Kris Benson <kbenson at sd57.bc.ca>
>Date: Friday, August 5, 2005 5:28 pm
>Subject: Re: different eap/tls config for different interfaces
>
>
>
>>>ragan_davis at colstate.edu wrote:
>>>
>>>
>>>>If so, is it possible to have 2 different tls sections that service
>>>>the 2 different interfaces?
>>>>
>>>>
>>> No. FreeRADIUS supports only 1 TLS module at a time.
>>>
>>>
>>What Alan forgot to mention is a solution.
>>
>>If you run two copies of the Radius server, with one bound to
>>either a
>>different set of ports, or one to each IP, you could have separate
>>configs.
>>-kb
>>--
>>Kris Benson, CCP, I.S.P.
>>Technical Analyst, District Projects
>>School District #57 (Prince George)
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list