Possible to limit user access to different types of authentication?

Ryan majereryan at gmail.com
Fri Apr 18 04:22:48 CEST 2008


Did some further searching on the listing and noticed that it is
possible to do a string comparison in the authorize and authenticate
sections.

As users using PAP are connecting via one SSID and users using
802.1x (PEAP) are connecting using another SSID, I figured out that I
can have a configuration with two different ldap settings, one
checking just userPassword and another checking userPassword as well
as an additional attribute via the parameter 'access_attr =
"EAPaccess"'.

Added the configuration as follows under authorize and authenticate
sections in the site-enabled/default file.

if (Cisco-AVPair == "ssid=mynetwork") {
                ldap1
}

else {
                ldap
}

However, running radius in debug mode will return the following error.

(Attribute Cisco-AVPair was not found)

I know that it is possible to match the Cisco-AVPair in the users
file. Can we do the same in the authorize/authenticate sections as
well?

Thanks/Regards,
Ryan

On Wed, Apr 16, 2008 at 10:04 PM, Ryan <majereryan at gmail.com> wrote:
> Hi All,
>
>  I'm currently using 2.0.3 with authentication via LDAP. Currently I
>  have a situation whereby there is a requirement to explore limiting
>  access to the various types of authentication available.
>
>  Is it possible to configure to do so? That is, some users can
>  authenticate using just PAP and some other users can connect using
>  EAP-PEAP?
>
>  Thanks/Regards,
>  Ryan
>
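
The two LDAP module instances described in the message above could be
declared as follows. This is an added illustration, not part of Ryan's
post or of the FreeRADIUS distribution; the server, base DN and filter
values are placeholders, and it assumes the FreeRADIUS 2.x rlm_ldap
options access_attr and access_attr_used_for_allow.

```conf
# Constructed example: server, basedn and filter are placeholders.
modules {
	# Default instance, referenced as "ldap" in the virtual server.
	# No access_attr is set, so any entry matching the filter is
	# accepted for the password check.
	ldap {
		server = "ldap.example.org"
		basedn = "dc=example,dc=org"
		filter = "(uid=%{User-Name})"
		password_attribute = "userPassword"
	}

	# Second instance, referenced as "ldap1" in the virtual server.
	ldap ldap1 {
		server = "ldap.example.org"
		basedn = "dc=example,dc=org"
		filter = "(uid=%{User-Name})"
		password_attribute = "userPassword"

		# The user's entry must also carry this attribute.
		access_attr = "EAPaccess"

		# yes (the default): an entry without the attribute, or with
		# the value FALSE, is denied access.
		access_attr_used_for_allow = yes
	}
}
```

With an if/else selection like the one in the post, any request that
does not match the SSID test is handled by the else branch, so the
stricter instance belongs wherever unmatched requests end up.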