Possible to limit user access to different types of authentication?
Ryan
majereryan at gmail.com
Fri Apr 18 04:22:48 CEST 2008
Did some further searching on the listing and noticed that it is
possible to do a string compared in the authorize and authenticate
sections.
As users using PAP are connecting via one SSID and users using
802.1x(PEAP) are connecting using another SSID, I figure out that I
can have a configuration with two different ldap settings, one
checking just userPassword and another checking userPassword as well
as an additional attribute via the parameter 'access_attr =
"EAPaccess"'.
Added the configuration as follows under authorize and authenticate
sections in the site-enabled/default file.
if (Cisco-AVPair == "ssid=mynetwork") {
ldap1
}
else {
ldap
}
However running radius in debug mode will return the following error.
(Attribute Cisco-AVPair was not found)
I know that it is possible to match the Cisco-AVPair in the users
file. Can we do the same in the authorize/authenticate sections as
well?
Thanks/Regards,
Ryan
On Wed, Apr 16, 2008 at 10:04 PM, Ryan <majereryan at gmail.com> wrote:
> Hi All,
>
> I'm currently using 2.0.3 with authentication via LDAP. Currently I
> have situation whereby there is a requirement to explore on limiting
> access to the various types of authentication available.
>
> Is it possible to configure to do so? That is some users can
> authenticate using just PAP and some other users can connect using
> EAP-PEAP?
>
> Thanks/Regards,
> Ryan
>
More information about the Freeradius-Users
mailing list