Accept both machine auth and user with domain auth
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jun 27 10:31:14 CEST 2016
Hi,
> When I use the unlang condition to check for host in the User-Name, would
> it go under 'sites-enabled/default' authenticate section?
if thats the main virtual server that requests go through - then yes. would advise that you create your own virtual servers
and have the relevant client definitions pointing to them - allowing you trivial isolation of different policies
(eg for eduroam, put requests form national proxies straight through a minimal virtual server that starts with
permit_only_eap and then just auths - with pap,mschap,etc etc all removed in the outer...and only the required
EAP method in inner. no VLAN assign etc etc. then your internal virtual server (for host auth/user auth etc)
can have all this stuff for internal requirements...
alan
More information about the Freeradius-Users
mailing list