Yet another multiple SSID setup question

Nick Kartsioukas lists.freeradius at change.nightwind.net
Wed Jul 13 03:50:40 CEST 2011


On Tue, 12 Jul 2011 07:17 +0100, "Alexander Clouter"
<alex at digriz.org.uk> wrote:
> authorize {
>   ...
> 
>   if (Airespace-Wlan-Id == "student_ssid") {
>     EAP_student
>   }
>   else {
>     EAP_staff
>   }
> 
>   ...
> }

Thanks for the hints!  I think I've got my eap.conf set up as I need it.
 After some errors from freeradius and further document exploration, it
looks like what I need for the authorize section is this:
        rewrite_called_station_id

        if(Called-Station-Ssid == "staff") {
                mschap_staff
        }
        if(Called-Station-Ssid == "lab") {
                mschap_lab
        }
        if(Called-Station-Ssid == "student_wpa") {
                ldap
        }
        if(Called-Station-Ssid == "student") {
                ldap
        }

with the two different mschap modules sending the staff and lab AD
domain options to ntlm_auth respectively.  Unfortunately, this is
failing, with the mschap modules returning noop.  ldap does succeed at
least, it binds to the ldap directory and checks the user, but then
fails on authentication...
[ldap] user nicholas_kartsioukas authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
+++[ldap] returns ok
[...]
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.

So, I'm not sure what I'm missing here :/  I'm apparently not grasping
something very basic, but I don't know what it is.  I've not been very
successful at navigating the wiki, so far all I've found are lists of
the config files and the same comments within the config files, but
nothing regarding process flow through freeradius that indicates how
requests are handled so I can better understand what each config section
is actually doing.



More information about the Freeradius-Users mailing list