Alternate server certificate
Garber, Neal
Neal.Garber at energyeast.com
Mon Jul 20 19:17:20 CEST 2009
We have Access Points that contain multiple SSIDs. Some are for internal use and some are for guest access. All are secured using WPA w/PEAP. I would like FreeRadius to present a cert. from our internal CA for the SSIDs that are internal and present a cert. from one of the CA's that Windows trusts by default for guest access. I haven't found a way to control this on the AP (i.e., to select a different RADIUS server address or port based upon SSID). Is it possible to accomplish this in FreeRadius given that I can determine the SSID by looking at a request attribute?
Some ideas I have are:
- Have two instances of the EAP module (one for internal SSIDs and one for guest) and select which one to use with some unlang code (based upon the value of 1 request attribute)
- Create a virtual server for guest access that uses an EAP module with the cert. from the well-known CA
Will either or both of the above work? Is there a better way? We plan to convert our guest access to a captive portal, but it won't be ready for a while.
Thank you for your assistance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090720/e17c9c28/attachment.html>
More information about the Freeradius-Users
mailing list