Multiple Home Server for authentication

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Mar 3 14:53:29 CET 2010


Hi,

> I'm trying to use FreeRADIUS 2.x for managing a complex architecture. I use the 802.1x standard for wireless authentication.
> I need to authenticate users that have passwords in different authentication servers with different protocols (TTLS/PAP or PEAP/MSCHAPv2) and I'd want to proxy the requests, trying to authenticate in the first auth server and more if the auth fails.
> Can I get this feature simply by listing home servers in the home_server_pool module in the proxy.conf file?

not easily or at all if you use proxying - as all you'll get back is a reject/fail and
that'll be it.

ideally what you want to do is configure the FreeRADIUS server to talk to both of the
authentication servers....and if the first one fails then don't care and continue onto
the second one...etc etc. you need to check the fail-over section of the WIKI

http://wiki.freeradius.org/Fail-over

particularly the 'More Complex Configurations' section.


we actually use this to talk to 2 AD systems and 2 Kerberos systems - because
people are in one or the other...each system has different credentials and
different DOMAIN etc...but the mschap and krb5 sections of FreeRADIUS are very flexible
(we took the modules and have a mschap-new and mschap-old etc with correct parts in).

works great! PEAP, TTLS etc - we don't care. we just deal with it.

alan
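
A sketch of the setup described in the reply above, added here as an example; it is not the poster's configuration and not taken from the FreeRADIUS wiki. The instance names reuse the "mschap-new" / "mschap-old" naming from the message; the domain names, the ntlm_auth path and the file locations are placeholders, and it assumes the host can reach both domains through ntlm_auth.

```conf
# Added example: assumed paths and domains, FreeRADIUS 2.x syntax.

# modules/mschap: two named instances of the same module,
# one per Active Directory domain.
mschap mschap-new {
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=NEWDOMAIN --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

mschap mschap-old {
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=OLDDOMAIN --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# sites-available/inner-tunnel: the virtual server that handles the
# inner method of PEAP and TTLS, so the outer EAP type does not matter here.
authenticate {
	Auth-Type MS-CHAP {
		mschap-new {
			# Lower the priority of a failure from the first system so
			# processing continues instead of returning immediately.
			reject = 1
			fail = 1
			# The first system accepted the credentials: stop here.
			ok = return
		}
		# Default actions apply: whatever the second system says is final.
		mschap-old
	}
}
```

With this fall-through, a wrong password is checked against both systems, so bad-password counters can increase in each domain where the username exists; factor that into account lockout thresholds and into how rejects are logged per instance.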


