distributed authentification scheme advice needed
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Sep 28 07:28:24 CEST 2011
On 28 Sep 2011, at 07:12, Zeus V Panchenko wrote:
> Hi,
>
> *please*, I need advice in choosing the strategy for the distributed EAP
> authentification scheme
>
> so, here are details of what I have and want:
>
> I run FreeRadius with EAP configured
>
> all my WiFi AP are configured to communicate with the radiusd and
> everything works fine
>
> now I need to extend my VPN with several remote branches where inet
> connection is not stable, but I need to provide WiFi access there too
> even in case when inet connection is off ...
>
>
> so, is it possible to use local (for each branch) radiusd to allow
> access, *but* :
>
> 1. if inet is alive, than authenticate via the central radius
> 2. if inet connection is not established, authenticate via local mechanism
> (preferably EAP)
>
Yes, home server pools let you specify a 'fallback' home server which can point to a virtual server. It should be working in v2.1.x but is currently broken in 3.x.
See proxy.conf for details.
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
More information about the Freeradius-Users
mailing list