virtual server configuration

usawebbox at fastmail.fm
Tue Mar 11 03:47:47 CET 2008


>> I want to run two virtual servers on different ports, where one server
>> allows PEAP-MSCHAPV2 and the other doesn't. It seems that only one
>> eap.conf can be used.
>
>  No.  You can have multiple instances of the EAP module, just like
>anything else:
>
>  eap foo {
>	...
>  }
>
>  eap bar {
>	...
>  }
>
>> I can see how to separate the Authorize and
>> Authenticate sections, but I haven't seen any documentation on the
>> syntax to select or reject auth types - let alone individual EAP types -
>> within that file. I tried to make blocks for each server within
>> eap.conf, but it didn't work. Is there a doc on the details of this
>> feature, or some good examples online.
>
>  Configure two different eap modules.  Then refer to "foo" or "bar",
>and not "eap".  The problem will solve itself.
>
>  Alan DeKok.

I was stuck for a long while. I created two modules, eap_main and
eap_gtc. My server1 and server2 virtual servers referred to each one
respectively. The server would start, but authentication would fail:

auth: type "EAP"
WARNING: Unknown value specified for Auth-Type.

The problem was solved when I changed my authenticate sections, adding:
Auth-Type EAP {
	eap_main
}

The default authenticate just had an unqualified 'eap' line. I'm not
sure why it's required after I virtualize.

I'm still having trouble with the eap_gtc section, because when I remove
TLS or empty it or try to return reject, the server won't start. Is
removing the section the right way to not support an eap type on one
virtual server?

Thanks for the reply. It was helpful.
-- 
  
  usawebbox at fastmail.fm
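
An added example, not part of the original message and not FreeRADIUS code: a small Python check that reads a configuration in this section syntax and reports, for each virtual server, which EAP types are loaded by the instance named under Auth-Type EAP. It assumes an eap instance loads the EAP types that have a sub-section inside it; audit() and the sample are constructed for illustration, and a server with no Auth-Type EAP block (the arrangement reported above as failing) maps to None.

```python
SAMPLE = """# constructed sample: names follow the message, settings inside each type left out
eap eap_main {
    tls {
    }
    peap {
    }
    mschapv2 {
    }
}
eap eap_gtc {
    gtc {
    }
}
server server1 {
    authenticate {
        Auth-Type EAP {
            eap_main
        }
    }
}
server server2 {
    authenticate {
        eap_gtc
    }
}
"""

def audit(text):
    """Per server: EAP types of the instance named under Auth-Type EAP, or None without one."""
    path, types, used = [], {}, {}
    for line in text.splitlines():
        line = " ".join(line.split("#")[0].split())   # drop comments, normalise spacing
        if line.endswith("{"):
            head = line[:-1].split()
            if not path and head[0] == "eap":
                types[head[-1]] = []                  # instance name ("eap" if unnamed)
            elif not path and head[0] == "server":
                used[head[-1]] = []
            elif len(path) == 1 and path[0][0] == "eap":
                types[path[0][-1]].append(head[0])    # assumption: sub-section = loaded type
            path.append(head)
        elif line == "}":
            path.pop()
        elif ([p[0] for p in path] == ["server", "authenticate", "Auth-Type"]
              and path[2][1:] == ["EAP"]):
            used[path[0][-1]].append(line)            # module listed inside Auth-Type EAP
    return {srv: next((types[m] for m in mods if m in types), None)
            for srv, mods in used.items()}
```

Running audit(SAMPLE) shows server1 bound to eap_main with tls, peap and mschapv2, and server2 with no usable EAP binding until eap_gtc is moved into an Auth-Type EAP block.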
