Yet another multiple SSID setup question

Nick Kartsioukas lists.freeradius at
Tue Jul 12 03:50:23 CEST 2011

I've been looking through the wiki and staring at the config files and
I've successfully gotten our Cisco WLC to authenticate against
ActiveDirectory as well as a Sun LDAP server (just one at a time) via
FreeRADIUS for a single test SSID, but now I'm trying to figure out how
to split that into conditional checks.  Before I go chopping up the
existing config files and making a horrible mess of things, I wanted to
verify a few things with the wisdom of the list.

Okay...let's say I have an SSID for students and an SSID for staff. 
Students authenticate against LDAP, which stores passwords as salted
SHA1 hashes.  Staff authenticate against Windows ActiveDirectory.
I've found where the WLC sends the SSID to FreeRADIUS, so I can get at
that.  My question is, how do I set up the EAP-TTLS/PAP session for the
Student SSID and the separate PEAP/MSCHAPv2 session for the Staff SSID? 
Are these configured as different virtual servers?  Or just different
modules that I call from the users file like so:
DEFAULT Auth-Type := student_module, Called-Station-SSID := "student"
DEFAULT Auth-Type := staff_module, Called-Station-SSID := "staff"

If so how do I set that up, as that would be two different eap.conf
setups (wouldn't it)?  Am I missing something obvious in the docs?
Thanks for taking the time to help me out!

More information about the Freeradius-Users mailing list