Newbie question... using different authentication sources?

Alan DeKok aland at
Mon May 25 22:26:05 CEST 2015

On May 25, 2015, at 3:41 PM, José Queiroz <zekkerj at> wrote:
> I'm trying to set up a freeradius server to serve two clients, each of them
> an independent wireless network. The first one uses WPA2-Enterprise, and is
> expected to authenticate our users based on our internal LDAP server.
> The second one is a guest/open network, where users will pass their
> credentials in a captive portal, and are expected to be authenticated by a
> MySQL database.
> Problem is, both networks are covering the same area, and users of one of
> them is not allowed to use the other.

  So write that as a policy.  Put the users into groups, and allow group A to use authentication method A, and group B to use authentication method B,

> I tried to set up radiusd.conf to include the appropriate modules, but I
> noticed that if the user sends a valid credential in the wrong network, it
> still gets authenticated.
> So, how can I enforce that users from NAS-IP-Address 1 get authenticated
> only by MySQL, and NAS-IP-Address 2 only on LDAP?
> I'm using FreeRADIUS 1.1.7 on Suse SLES 10 SP4.

  Upgrade.  No one will answer questions about a version of FreeRADIUS which is 8 years old.

> I have some machines with
> SLES 11 SP3, which will give me FreeRADIUS 2.1.1, but I prefer not using
> them by now, for several reasons.

  Don't use 2.1.1, either.

  Honestly, you're best off installing version 3.  It's easier to configure, and has better error messages.

 Alan DeKok.

More information about the Freeradius-Users mailing list