Newbie question... using different authentication sources?

José Queiroz zekkerj at gmail.com
Mon May 25 22:34:11 CEST 2015


The same question comes from both hints... how?

2015-05-25 17:26 GMT-03:00 Alan DeKok <aland at deployingradius.com>:

> On May 25, 2015, at 3:41 PM, José Queiroz <zekkerj at gmail.com> wrote:
> > I'm trying to set up a freeradius server to serve two clients, each of
> them
> > an independent wireless network. The first one uses WPA2-Enterprise, and
> is
> > expected to authenticate our users based on our internal LDAP server.
> >
> > The second one is a guest/open network, where users will pass their
> > credentials in a captive portal, and are expected to be authenticated by
> a
> > MySQL database.
> >
> > Problem is, both networks are covering the same area, and users of one of
> > them is not allowed to use the other.
>
>   So write that as a policy.  Put the users into groups, and allow group A
> to use authentication method A, and group B to use authentication method B,
>
> > I tried to set up radiusd.conf to include the appropriate modules, but I
> > noticed that if the user sends a valid credential in the wrong network,
> it
> > still gets authenticated.
> >
> > So, how can I enforce that users from NAS-IP-Address 1 get authenticated
> > only by MySQL, and NAS-IP-Address 2 only on LDAP?
> >
> > I'm using FreeRADIUS 1.1.7 on Suse SLES 10 SP4.
>
>   Upgrade.  No one will answer questions about a version of FreeRADIUS
> which is 8 years old.
>
> > I have some machines with
> > SLES 11 SP3, which will give me FreeRADIUS 2.1.1, but I prefer not using
> > them by now, for several reasons.
>
>   Don't use 2.1.1, either.
>
>   Honestly, you're best off installing version 3.  It's easier to
> configure, and has better error messages.
>
>  Alan DeKok.
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list