Multiple servers using Realms.

Jan Hugo Prins jhp at jhprins.org
Sun Feb 5 20:18:09 CET 2012


Hi everyone,

Last week I started using Radius because I need authentication for a
wireless setup with EAP / MSCHAPV2 against users that are in LDAP.

This works fine with all the different examples I found.

But now I'm reading the documentation and I get the impression from the
REALM stuff that I should be able to create multiple parallel server
instances in one configuration.

What I need to do on one server is the following:

I have an Aruba wireless setup which gives me the option to create
multiple virtual wireless access points.

On VAP1 I want to authenticate users from domain1. These users all have
a full LDAP account and authentication works fine against this LDAP. I
have configured this and everyone can log in using their mailLocalAddress
attribute for authentication and the radius server is using the
credentials you give it to try to bind to LDAP and if this is successful
you are granted access to the wireless access point for domain1.

On VAP2 I want to authenticate users from domain2. These users are all
in an ADS and my radius server probably has to proxy to this ADS for
authentication. Am I right there?

On VAP3 I have a different customer. This customer is in a different OU
in the same openldap server as the users on VAP1. I need to isolate the
2 sets of users and in the configuration for VAP1 I have put the Base
for the LDAP search inside the OU of these users, that way other
customers are not able to authenticate against this setup. For the users
in VAP3 I have to create a different LDAP connection in the Radius
server that points to the OU for this company.

Can this indeed be done in one radius server configuration? Or do I need
multiple servers to do this? If this is possible, does someone have some
pointers for me and maybe some example configurations?

-- 
Met vriendelijke groet,

Jan Hugo Prins
E: jhp at jhprins.org



More information about the Freeradius-Users mailing list