Freeradius + MySQL + WiFi PEAP authorisation only to a group of users
lumirl
lumir at rosinter.cz
Sun Jan 22 02:12:15 CET 2012
I found the solution some time ago.
This might be helpful for beginners like me.
The PEAP authentication is done using the sites-enabled/inner-tunnel virtual
server configuration by default.
So in sites-enabled/inner-tunnel, in the authorize section, add these:
======================
sql
if (SQL-Group == "wifi") {
        # ok to login
}
else {
        reject
}
======================
My original goal was to distinguish between wifi users and openvpn users.
OpenVPN users get authenticated using the radiusplugin with username and
password.
I use the radius server just for wifi and openvpn so I just need the
sites-enabled/default config:
========================
sql
# NAS-Identifier is set in radiusplugin.cnf
if (NAS-Identifier == "OpenVpn") {
        if (SQL-Group == "openvpn") {
                # ok to login
        }
        else {
                reject
        }
}
=========================
And one last note - PEAP is using MSCHAPv2 and so the passwords must be
stored in cleartext (or nthash)!
I use DialupAdmin for administration - very nice and easy.
Hopefully this will help somebody who was lost like me.
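
Added example, not part of the original post: a MySQL audit query showing, for each account, how its password is stored and whether the two SQL-Group checks above would let it through. The table and column names assume the stock FreeRADIUS MySQL schema (radcheck, radusergroup), reduced here to the columns used; the users and the NT-Password value are constructed sample data.

```sql
-- Simplified copies of the stock FreeRADIUS tables (assumption: default schema).
CREATE TABLE IF NOT EXISTS radcheck (
  id        INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  username  VARCHAR(64)  NOT NULL,
  attribute VARCHAR(64)  NOT NULL,
  op        CHAR(2)      NOT NULL DEFAULT ':=',
  value     VARCHAR(253) NOT NULL
);
CREATE TABLE IF NOT EXISTS radusergroup (
  username  VARCHAR(64) NOT NULL,
  groupname VARCHAR(64) NOT NULL,
  priority  INT         NOT NULL DEFAULT 1
);

-- Constructed sample accounts. MSCHAPv2 works with either attribute;
-- NT-Password keeps the cleartext out of the database.
INSERT INTO radcheck (username, attribute, op, value) VALUES
  ('alice', 'NT-Password',        ':=', '8846F7EAEE8FB117AD06BDD830B7586C'),
  ('bob',   'Cleartext-Password', ':=', 'constructed-sample-only'),
  ('carol', 'Cleartext-Password', ':=', 'constructed-sample-only');

-- SQL-Group == "wifi" is true when a matching row exists in radusergroup.
INSERT INTO radusergroup (username, groupname, priority) VALUES
  ('alice', 'wifi',    1),
  ('bob',   'openvpn', 1);
  -- carol is in no group, so both checks reject her

-- Audit: storage format, group membership, and the result of each check.
SELECT c.username,
       c.attribute AS stored_as,
       COALESCE(GROUP_CONCAT(g.groupname ORDER BY g.groupname), '(none)')
         AS sql_groups,
       CASE WHEN SUM(g.groupname = 'wifi') > 0
            THEN 'accept' ELSE 'reject' END AS peap_wifi,
       CASE WHEN SUM(g.groupname = 'openvpn') > 0
            THEN 'accept' ELSE 'reject' END AS openvpn
FROM radcheck c
LEFT JOIN radusergroup g ON g.username = c.username
WHERE c.attribute IN ('Cleartext-Password', 'NT-Password')
GROUP BY c.username, c.attribute
ORDER BY c.username;
```

Rows reporting Cleartext-Password are the ones that can be converted to NT-Password without breaking PEAP/MSCHAPv2.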