Multiple Home Server for authentication

[Rosario Lumia]

Thank you Alan, your help was precious and (I hope) needful.
In the next days I will send my (hopefully) configuration, if you consider
it appropriate.

Thanks.

Rosario L.


2010/3/3 Alan Buxey <A.L.M.Buxey at lboro.ac.uk>

> Hi,
>
> > I'm tryng to use Freeradius 2.x for managing a complex architecture. I
> use the 802.1x standard for wireless authentication.
> > I need to authenticate users that have passwords in different
> authentication server whit different protocol (TTLS/PAP or PEAP/MSCHAPv2)
> and i'd want to proxy the requests tryng to authenticate in first auth
> server and more if the auth fails.
> > Can I get this feature simply listing home servers in home_server_pool
> module in proxy.conf file?
>
> not easily or at all if you use proxying - as all you'll get back is a
> reject/fail and
> that'll be it.
>
> ideally what you want to do is configure the FreeRADIUS server to talk to
> both of the
> authentication servers....and if the first one fails then dont care and
> continue onto
> the second one...etc etc. you need to check the fail-over section of the
> WIKI
>
> http://wiki.freeradius.org/Fail-over
>
> particularly the 'More Complex Configurations' section.
>
>
> we actually use this to talk to 2 AD systems and 2 Kerberos systems -
> because
> people are in one or the other...each system has different credentials and
> different DOMAIN etc...but the mschap and krb5 sections of FreeRADIUS are
> very flexible
> (we took the modules and have a mschap-new and mschap-old etc with correct
> parts in).
>
> works great! PEAP, TTLS etc - we dont care. we just deal with it.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Rosario L.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100303/41b4bf8c/attachment.html>