FR2.1.3+LDAP+802.1x+PEAP

tnt at kalik.net tnt at kalik.net
Wed Nov 11 00:06:26 CET 2009


> I was thinking of the following:
> to do the normal user authentication in LDAP, based on the provided realm,
> and if no realm present authenticate the users in users file.
> Users which use 802.1x will be saved in clear-text in users file
> and users used for authentication for other stuff, will be checked in LDAP
> (@mydomain.com)
>
>
> Or can I switch this around? A user: myuser at dot1x.com will be based on the
> realm authenticated in users file for 802.1x and a user with no realm will
> be authenticated in LDAP?
>
> Please tell me your opinion on this, is it possible?

Use suffix and configure dot1x.com as local realm in proxy.conf:

realm dot1x.com {
}

... and you don't need multiple entries for the same user. Both users file
and ldap module will use Stripped-User-Name for authentication by default.


Ivan Kalik
Kalik Informatika ISP
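
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the realm handling described in the reply above, showing which name the users file and LDAP lookups end up using. Assumptions: "@" as delimiter, only the dot1x.com realm from the reply is configured (no DEFAULT or NULL realm), and the sample entries and function names are constructed for illustration.

```python
# Simplified model of "suffix" realm processing (illustrative, not FreeRADIUS code).
# Assumptions: "@" delimiter, no DEFAULT or NULL realm, lookups keyed on bare name.

LOCAL_REALMS = {"dot1x.com"}  # corresponds to: realm dot1x.com { } in proxy.conf

# Constructed sample data: one entry per user, stored without any realm.
USERS_FILE = {"myuser": "users-file entry"}
LDAP_DIR = {"myuser": "uid=myuser,ou=people,dc=example,dc=org"}


def suffix(user_name):
    """Return the request attributes after realm processing."""
    attrs = {"User-Name": user_name}
    name, sep, realm = user_name.rpartition("@")
    # No delimiter, or a realm that is not configured: the request is left alone.
    if not sep or realm not in LOCAL_REALMS:
        return attrs
    attrs["Realm"] = realm
    attrs["Stripped-User-Name"] = name
    return attrs


def lookup_key(attrs):
    """Name used for lookups: the stripped name if present, else User-Name."""
    return attrs.get("Stripped-User-Name", attrs["User-Name"])


def authorize(user_name):
    """Report the realm, the lookup key, and whether each backend finds the user."""
    attrs = suffix(user_name)
    key = lookup_key(attrs)
    return {
        "realm": attrs.get("Realm"),
        "key": key,
        "users_file": key in USERS_FILE,
        "ldap": key in LDAP_DIR,
    }


if __name__ == "__main__":
    for name in ("myuser@dot1x.com", "myuser", "myuser@mydomain.com"):
        print(name, "->", authorize(name))
```

In this model the third name is not stripped because its realm has no configured entry, so neither backend matches the single "myuser" entry.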



