users file for NULL realm, LDAP for another
John Keimel
jkeimel at bowdoin.edu
Thu Jul 20 20:32:27 CEST 2006
I have two Freeradius servers, one of which authenticates MAC
addresses for wireless, the other usernames at myrealm.com for some
other network access.

I'd like to combine the two of them into one server. If the username
comes through without a realm (a MAC address) I'd like it to check
the users file. If it comes through with a realm, just check LDAP. If
the MAC address fails, it should never ever check LDAP. That just
beats up the LDAP server and the LDAP admin yells (with good reason!).

Should I be looking to do this just in the radiusd.conf? Or should I
be attempting to mangle some kind of proxy arrangement? Would anyone
care to share any sample configs for such a thing? It looks to me
like there may be several ways to do this and I'd like to spend the
time building up the best method. Proxy? Autz-type?

I am running Freeradius 1.0.2 from Debian Sarge. I did some mailing
list archive searching but I just might be checking the wrong search
terms, as I'm not finding a good result.

Thanks for any suggestions.

j