Newbie question... using different authentication sources?

José Queiroz zekkerj at
Mon May 25 21:41:41 CEST 2015


I'm trying to set up a freeradius server to serve two clients, each of them
an independent wireless network. The first one uses WPA2-Enterprise, and is
expected to authenticate our users based on our internal LDAP server.

The second one is a guest/open network, where users will pass their
credentials in a captive portal, and are expected to be authenticated by a
MySQL database.

Problem is, both networks are covering the same area, and users of one of
them is not allowed to use the other.

I tried to set up radiusd.conf to include the appropriate modules, but I
noticed that if the user sends a valid credential in the wrong network, it
still gets authenticated.

So, how can I enforce that users from NAS-IP-Address 1 get authenticated
only by MySQL, and NAS-IP-Address 2 only on LDAP?

I'm using FreeRADIUS 1.1.7 on Suse SLES 10 SP4. I have some machines with
SLES 11 SP3, which will give me FreeRADIUS 2.1.1, but I prefer not using
them by now, for several reasons.

More information about the Freeradius-Users mailing list