Freeradius + MySQL + WiFi PEAP authorisation only to a group of users

lumirl lumir at rosinter.cz
Sun Jan 22 02:12:15 CET 2012


I found the solution some time ago.
This might be helpful for beginners like me.
The PEAP authentication is done using the sites-enabled/inner-tunnel virtual
server configuration by default.
So in sites-enabled/inner-tunnel, in the authorize section, add these:
======================
sql
if (SQL-Group == "wifi") {
        # ok to login
}
else {
        reject
}
======================

My original goal was to distinguish between wifi users and openvpn users.
Openvpn users get authenticated using the radiusplugin with username and
password.
I use the radius server just for wifi and openvpn, so I just need the
sites-enabled/default config
========================
sql
# NAS-Identifier is set in radiusplugin.cnf
if (NAS-Identifier == "OpenVpn") {
        if (SQL-Group == "openvpn") {
                # ok to login
        }
        else {
                reject
        }
}
=========================
And one last note - PEAP is using MSCHAPv2 and so the passwords must be
stored in cleartext (or nthash)!
I use DialUpAdmin for administration - very nice and easy.
Hopefully this will help somebody who was lost like me.
