distributed authentification scheme advice needed

[Zeus V Panchenko]

Hi,

*please*, I need advice in choosing the strategy for the distributed EAP
authentification scheme

so, here are details of what I have and want:

I run FreeRadius with EAP configured 

all my WiFi AP are configured to communicate with the radiusd and
everything works fine

now I need to extend my VPN with several remote branches where inet
connection is not stable, but I need to provide WiFi access there too
even in case when inet connection is off ...


so, is it possible to use local (for each branch) radiusd to allow
access, *but* :

1. if inet is alive, than authenticate via the central radius
2. if inet connection is not established, authenticate via local mechanism
   (preferably EAP)

-- 
Zeus V. Panchenko
JID:zeus at gnu.org.ua			      	        GMT+2 (EET)