different eap/tls config for different interfaces
ragan_davis at colstate.edu
ragan_davis at colstate.edu
Mon Aug 8 23:23:32 CEST 2005
Mike,
Sounds good, thanks for the info. Just curious: In the dual eap-tls
configuration that you mentioned in the second paragraph, how would
the radius server know which one to use for a given client?
thanks!
----- Original Message -----
From: Michael Griego <mgriego at utdallas.edu>
Date: Friday, August 5, 2005 11:34 pm
Subject: Re: different eap/tls config for different interfaces
> After I'm done with the rlm_eap_tls rewrites and rlm_eap updates,
> there
> will be functionality to have multiple EAP submodules of the same
> type
> with different configurations. With this, you'll be able to force
> the
> use of a specific EAP type instance by its instance name.
>
> In the meantime, if you want to avoid bringing up two servers, you
> *can*
> configure two EAP module instances, each with a different tls
> submodule
> configuration. Force the Auth-Type to the EAP module with the
> correct
> tls configuration based on your criteria. I've used this scenario
> in
> the past.
>
> --Mike
>
>
> ragan_davis at colstate.edu wrote:
>
> >Oh...duh...that makes sense. Should have considered that. I
> have since
> >tested the behavior of the scenario I described, and Alan's on
> target.
> >Doesn't really seem to matter which interface I enter on, or which
> >common-name I use. Seems to work either way.
> >
> >thanks for the help!
> >
> >----- Original Message -----
> >From: Kris Benson <kbenson at sd57.bc.ca>
> >Date: Friday, August 5, 2005 5:28 pm
> >Subject: Re: different eap/tls config for different interfaces
> >
> >
> >
> >>>ragan_davis at colstate.edu wrote:
> >>>
> >>>
> >>>>If so, is it possible to have 2 different tls sections that
> service>>>>the 2 different interfaces?
> >>>>
> >>>>
> >>> No. FreeRADIUS supports only 1 TLS module at a time.
> >>>
> >>>
> >>What Alan forgot to mention is a solution.
> >>
> >>If you run two copies of the Radius server, with one bound to
> >>either a
> >>different set of ports, or one to each IP, you could have
> separate
> >>configs.
> >>-kb
> >>--
> >>Kris Benson, CCP, I.S.P.
> >>Technical Analyst, District Projects
> >>School District #57 (Prince George)
> >>
> >>-
> >>List info/subscribe/unsubscribe? See
> >>http://www.freeradius.org/list/users.html
> >>
> >>
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html>
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list