Accept both machine auth and user with domain auth

A.L.M.Buxey at lboro.ac.uk
Mon Jun 27 10:31:14 CEST 2016


Hi,

> When I use the unlang condition to check for host in the User-Name, would
> it go under 'sites-enabled/default' authenticate section?

If that's the main virtual server that requests go through, then yes. Would advise that you create your own virtual servers
and have the relevant client definitions pointing to them, allowing you trivial isolation of different policies
(e.g. for eduroam, put requests from national proxies straight through a minimal virtual server that starts with
permit_only_eap and then just auths, with pap, mschap, etc. all removed in the outer... and only the required
EAP method in inner. No VLAN assign etc.). Then your internal virtual server (for host auth/user auth etc.)
can have all this stuff for internal requirements...


alan
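
The layout described in the reply above, sketched as FreeRADIUS 3 configuration; this is an added example, not part of the original post. Client names, addresses, secrets, the server names `eduroam_from_proxy` and `internal`, and the `host/` prefix test on User-Name are assumptions made for illustration.

```conf
# clients.conf (constructed example; addresses and secrets are placeholders)
client eduroam_national_proxy {
    ipaddr         = 192.0.2.10
    secret         = CHANGE_ME
    virtual_server = eduroam_from_proxy   # this client never reaches "internal"
}

client campus_wireless {
    ipaddr         = 198.51.100.20
    secret         = CHANGE_ME
    virtual_server = internal
}

# sites-enabled/eduroam_from_proxy: minimal outer server for proxied requests
server eduroam_from_proxy {
    authorize {
        permit_only_eap        # policy.d/eap: reject any request that is not EAP
        eap {
            ok = return
        }
    }
    authenticate {
        eap                    # pap, chap and mschap are deliberately absent
    }
    # no post-auth VLAN assignment for visiting requests
}

# sites-enabled/internal: host and user authentication policy lives here
server internal {
    authorize {
        # Assumption: machine supplicants send User-Name as "host/<name>".
        # The check is placed in authorize as this example's own choice.
        if (&User-Name =~ /^host\//) {
            noop               # machine-auth policy goes here
        }
        else {
            noop               # user-with-domain policy goes here
        }
        eap {
            ok = return
        }
    }
    authenticate {
        eap
    }
}
```

Because the server is selected per client, a policy change or mistake in `internal` cannot alter how requests arriving from the national proxy are handled.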

