Split authorization / authentication
Emmanuel BILLOT
emmanuel.billot at ac-orleans-tours.fr
Wed Jun 13 15:35:30 CEST 2012
Le 13/06/2012 15:14, Alan DeKok a écrit :
> Emmanuel BILLOT wrote:
>> Is it possible to split authorization step as follow :
>>
>> - Considering we want to authorize user using EAP and MAC adresses
>> - http://wiki.freeradius.org/Mac-Auth works fine, but is it possible to
>> do EAP with one radius server and MAC address auth with another one ?
> Yes, but it's generally a bad idea. It adds complexity with no real
> purpose.
>
> FreeRADIUS can be configured to do whatever you want. It's best to
> keep everything in one server.
>
> Look at the debug output to see *how* those packets are different.
> Then, write down how you want them to be handled. Then, write the
> "unlang" to do it.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok thanks for your answer. Possibly this is a bad idea but we have
sometimes to work with obligations.
What module should i use to send MAC adresses to another radius server,
and getting back ok/nok before testing EAP ?
Using unlang yes, but what directive should i use ? Proxy cannot be one
because MAC adresse has no suffix.
--
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57
More information about the Freeradius-Users
mailing list