Using multiple auth methods, ports
Dusty Doris
freeradius at mail.doris.cc
Mon Feb 20 04:37:03 CET 2006
> the request, which doesn't help me). The only thing the NAS can do that is
> "helpful" is send cert auth requests to a different UDP port than regular
> auth requests.
Perhaps there are new features that can take care of this for you in one
place, but if not, you can just run two radiusd instances. One for
"oldschool" and one for cert.
For example, say your raddb dir is in /etc/raddb now.
You would create two subdirs of that directory
mkdir /etc/raddb/oldschool
mkdir /etc/raddb/cert
and perhaps for logging separately as well
mkdir /var/log/radius/oldschool
mkdir /var/log/radius/cert
cp all the files from raddb to the two directories.
Modify the top of radiusd.conf to point to the new directories for
raddbdir, confdir, logdir, etc.. Modify the listen or port arguments
to make one listen on 1645 and the other on 1812.
Then modify the rest of it, such as the users file, to do what you want
for each separate instance.
Then modify your startup script to fire off two instances using the -d
option, and make sure you get both instances as well on stop/restarts.
eg:
/pathto/radiusd -d /etc/raddb/oldschool
/pathto/radiusd -d /etc/raddb/cert
That will give you two separate instances. One will be configured to only
handle oldschool logins and the other to only handle certs. It will be
another port/process you'll have to monitor, but it should give you what
you want.
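
Added example, not part of the original post: a shell sketch of the directory split described above, run against a scratch tree, with a check that the two instances do not end up sharing a port, log directory or config directory. The function names, the constructed radiusd.conf lines and the choice of 1645 for "oldschool" and 1812 for "cert" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the two per-port instance directories on a scratch tree.

# make_instance SRC NAME PORT LOGBASE
# Copy SRC's top-level files to SRC/NAME and point that copy's radiusd.conf
# at its own raddbdir, logdir and port. Only unindented "key = value" lines
# are rewritten, so indented settings inside module blocks are left alone.
make_instance() {
    src=$1; name=$2; port=$3; logbase=$4
    dst="$src/$name"
    mkdir -p "$dst" "$logbase/$name" || return 1
    for f in "$src"/*; do
        # Regular files only; subdirectories would need copying separately.
        if [ -f "$f" ]; then cp -p "$f" "$dst/" || return 1; fi
    done
    sed -e "s|^raddbdir[[:space:]]*=.*|raddbdir = $dst|" \
        -e "s|^logdir[[:space:]]*=.*|logdir = $logbase/$name|" \
        -e "s|^port[[:space:]]*=.*|port = $port|" \
        "$src/radiusd.conf" > "$dst/radiusd.conf"
}

# conf_value CONF KEY: print the value of the first unindented KEY line.
conf_value() {
    sed -n "s|^$2[[:space:]]*=[[:space:]]*||p" "$1" | head -n 1
}

# instances_distinct CONF_A CONF_B: fail if both instances would share a
# port (second bind fails), a log directory or a config directory.
instances_distinct() {
    for key in port logdir raddbdir; do
        a=$(conf_value "$1" "$key"); b=$(conf_value "$2" "$key")
        if [ -z "$a" ] || [ "$a" = "$b" ]; then
            echo "conflict or missing: $key" >&2; return 1
        fi
    done
}

# Demo on a constructed radiusd.conf in a temporary directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/raddb"
printf '%s\n' 'raddbdir = /etc/raddb' 'confdir = ${raddbdir}' \
    'logdir = /var/log/radius' 'port = 0' > "$demo_root/raddb/radiusd.conf"
printf '%s\n' '# constructed placeholder' > "$demo_root/raddb/users"
make_instance "$demo_root/raddb" oldschool 1645 "$demo_root/log"
make_instance "$demo_root/raddb" cert 1812 "$demo_root/log"
instances_distinct "$demo_root/raddb/oldschool/radiusd.conf" \
    "$demo_root/raddb/cert/radiusd.conf" && echo "instances are distinct"
```

Running the same check from the startup script before launching each radiusd -d instance catches a copy whose port or logdir was never edited.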