how to disable a particular EAP type in freeradius2 for a particular ESSID ?
Matthew Newton
mcn4 at leicester.ac.uk
Sat Feb 11 19:14:54 CET 2012
On Sat, Feb 11, 2012 at 09:07:49AM +0100, Riccardo Veraldi wrote:
> Yes I wanted to use this solution but the problem is that when my
> Cisco 1200 access points contact freeradius, there is no SSID like
> attribute in the communication, in the request there is no SSID... I
> will try with the copy of module file; I did not figure it out from
> the docs.

If your eduroam requests are going through a completely different
virtual server from your local SSID requests, then just follow
Alan's advice, but you don't need to test for SSID - just put it
in the virtual server that you want to block EAP-TLS, something
like

    if (EAP-Type == "EAP-TLS") {
        reject
    }

For the Cisco APs, which don't seem to follow the RFCs for
Called-Station-Id (as far as I can tell) unless you use a WLC,
try:

    ap(config)# radius-server vsa send authentication

and you should then end up with an attribute you can test:

    Cisco-AVPair = "ssid=eduroam"

Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>