Multiple servers using Realms.

Matthew Newton mcn4 at leicester.ac.uk
Mon Feb 6 01:01:48 CET 2012


On Sun, Feb 05, 2012 at 08:18:09PM +0100, Jan Hugo Prins wrote:
> On VAP2 I want to authenticate users from domain2. These users are all
> in an ADS and my radius server probably has to proxy to this ADS for
> authentication. Am I right there?

You can join your RADIUS server to the domain by installing Samba
and winbind, and auth directly from freeradius. Carefully follow
http://deployingradius.com/documents/configuration/active_directory.html

> customers are not able to authenticate against this setup. For the users
> in VAP3 I have to create a different LDAP connection in the Radius
> server that points to the OU for this company.

Create a different instance of the ldap module, for example

ldap vap3_ldap {
...
}

and call 'vap3_ldap' instead of 'ldap'.

> Can this indeed be done in one radius server configuration?

Yes.

> Or do I need multiple servers to do this. If this is possible
> does someone have some pointers for me and maybe some example
> configurations?

There are several ways to do it. One way would be to create three
different virtual servers, listening on different ports, with

listen {
       ipaddr = 0.0.0.0
       port = 18120  # for example
       type = auth
}

then point each wlan RADIUS server at a different port.

If the 'VAP' name is put into an attribute in the request, or
there is some way to distinguish them, you could look at this in
the default server, and proxy to different virtual servers based
on it (see the virtual_server options in proxy.conf).

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
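
Added example, not part of the original message and not the project's shipped configuration: the per-port virtual server approach described above, shown for the VAP3 case in FreeRADIUS 2.x syntax, with its own ldap instance and a client list bound to the listener so that only that VAP's controller can query the company OU. The instance and server names, port, addresses, DNs and secrets are constructed placeholders, and the file locations in the comments assume the usual 2.x layout.

```conf
# Added example (FreeRADIUS 2.x syntax). Names, port, addresses, DNs and
# secrets are constructed placeholders, not values from the original post.

# modules/vap3_ldap: second ldap instance, scoped to one company's OU
ldap vap3_ldap {
        server = "ldap.example.org"
        identity = "cn=radius,dc=example,dc=org"
        password = "CHANGE_ME"
        basedn = "ou=company3,dc=example,dc=org"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

# clients.conf: client list used only by the VAP3 listener
clients vap3_clients {
        client wlan_vap3 {
                ipaddr = 192.0.2.13
                secret = CHANGE_ME_VAP3
        }
}

# sites-enabled/vap3: virtual server with its own port
server vap3 {
        listen {
                ipaddr = 0.0.0.0
                port = 18121
                type = auth
                # requests from any other client are rejected on this port
                clients = vap3_clients
        }
        authorize {
                preprocess
                vap3_ldap
        }
        authenticate {
                # PAP requests only: an LDAP bind needs the cleartext password
                Auth-Type LDAP {
                        vap3_ldap
                }
        }
}
```

The other VAPs follow the same pattern with their own port, client list and authentication module.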


