Re: Diffrent authentication based by SSID

Marcin bierioza at o2.pl
Tue Aug 6 09:24:50 CEST 2013


Thank You for reply Alan.
I have working eap-tls for my staff and
Dnia 5 sierpnia 2013 21:52 A.L.M.Buxey at lboro.ac.uk napisał(a):
Hi,
> In that situation i need to have active, both sql and ldap, authorization
> modules in inner-tunnel. So users, who should identify by login/pass in
> guest SSID, can be authenticate via inner-tunnel ldap module. I don't want
> this.
use whatever you want to use. what do you use now? all you need to do is distinguish between
the two types of requests. and handle them how you want. will the guest SSID be 802.1X
if so, inner-tunnel is available by default (as thats used for EAP) - if not, then you wont
configure anything in there.
each SSID will be presented to your RADIUS server with particular attributes...you will
be able to use those to decide what to do.... eg
if (%{whatever-attribute} =~ /sometext/ ) {
ldap
}
else {
sql
}
that sort of thing. and to be honest. you WILL need some decent data source for advancing your
RADIUS into something scalable and usable...ie SQL or LDAP - sticking with a flat users file
will end up with tears in most systems.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130806/0e586934/attachment.html>


More information about the Freeradius-Users mailing list