2 Certs for 2 SSID (802.1x)
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 16 17:46:53 CEST 2012
On 16/05/12 16:29, C.F. Yeung wrote:
> We have 2 SSL Certs for two SSID (802.1x). How can my freeradius server
> present wifi clients the cert based on SSID? Should I have two eap.conf?
Yes. Configure the two "eap" modules with different names e.g.
  eap eap_cert1 {
    ...
  }
  eap eap_cert2 {
    ...
  }
...and then configure your radius server to run the appropriate eap
module. Two choices for this:
1. If your wireless equipment allows it, configure each SSID with
different radius server IP/ports. Then make FreeRADIUS listen on
different ports like so:
  listen {
    type = auth
    ipaddr = *
    port = 18000
    virtual_server = server1
  }
  server server1 {
    authorize {
      ...
      eap_cert1
    }
    authenticate {
      ...
      eap_cert1
    }
  }
  # repeat for cert1/eap2
2. Use "unlang" policies to match on SSID e.g. (untested)
  authorize {
    if (My-SSID == SSID1) {
      eap_cert1
    }
    elsif (My-SSID == SSID2) {
      eap_cert2
    }
  }
  authenticate {
    ...
    eap_cert1
    eap_cert2
  }
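
Added example, not part of the original post: one way to populate the SSID attribute that option 2 matches on, written in the same 2.x-style unlang as the post. It assumes the access points send Called-Station-Id as "MAC:SSID" with a hyphen-separated MAC (the RFC 3580 convention) and that My-SSID is declared as a local string attribute; SSID1/SSID2 are the post's placeholders, and the else branch is an addition so that an unrecognised SSID is rejected rather than handed to either certificate.

```conf
# raddb/dictionary -- local attribute, never sent on the wire (assumed name/number):
#   ATTRIBUTE   My-SSID   3000   string

authorize {
    # other authorize modules (preprocess etc.) stay above this point

    # "00-10-A4-23-19-C0:SSID1"  ->  My-SSID = "SSID1"
    # Everything after the first ':' is taken as the SSID.
    if (Called-Station-Id =~ /^[0-9A-Fa-f-]+:(.+)$/) {
        update request {
            My-SSID := "%{1}"
        }
    }

    if (My-SSID == "SSID1") {
        eap_cert1
    }
    elsif (My-SSID == "SSID2") {
        eap_cert2
    }
    else {
        # No SSID suffix, or an SSID with no certificate assigned:
        # fail closed instead of presenting the wrong certificate.
        reject
    }
}

authenticate {
    eap_cert1
    eap_cert2
}
```

Running the server with `radiusd -X` shows the Called-Station-Id each access point actually sends, which is the value the regex has to match.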