Migration -> FR3 + CiscoAPs + Multiple SSID+ EAP-TLS +, Multiple Certs
Ted Hyde (RSI)
thyde at rndstudio.com
Thu Nov 29 18:20:04 CET 2018
On 11/29/2018 9:19 AM, freeradius-users-request at lists.freeradius.org wrote:
> Why not just:
>
> if (MAC SSID) {
>     look up MAC
>     if !known MAC reject
>     if blocked MAC reject
>
> } elsif (open SSID) {
>     if blocked MAC reject
> }
>
> Does that sound reasonable? If not, you need to describe your requirements a bit more clearly.
>
> Alan DeKok.
Alan thank you - from a pseudo-code level, what I am therefore looking
for is:
if (MAC_LIMITED-SSID && EAP-CERT-01)
{
    check eap valid cert "EAP-CERT-01"
    look up MAC
    if !known MAC reject
    if blocked MAC reject
    (inferred tail deny)
}
else if (OPEN-SSID && EAP-CERT-02)
{
    check eap valid cert "EAP-CERT-02"
    accept
    (inferred tail deny)
}
I am not looking to manage an implicit blocking list for OPEN-SSID; if
the client has the *appropriate* cert (designated for OPEN-SSID), and
they associate with OPEN-SSID, then they should be accepted. I do want
to maintain two separate certs each intended to match against their
designated SSIDs.
Thanks,
Ted.
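
The decision described in the message above, modeled in Python as an added example (not part of the original post and not FreeRADIUS configuration). It assumes the two client certificates are told apart by issuing CA, that the SSID arrives in Called-Station-Id in the RFC 3580 "AP-MAC:SSID" form, and that the certificate chain has already been validated by EAP-TLS; the issuer strings, MAC sets and function names are constructed for illustration.

```python
import re

# Assumption: each SSID accepts client certs from exactly one issuing CA.
# SSID names come from the post; the issuer strings are constructed placeholders.
SSID_ISSUER = {
    "MAC_LIMITED-SSID": "CN=EAP-CERT-01 CA",
    "OPEN-SSID": "CN=EAP-CERT-02 CA",
}
MAC_CHECKED_SSIDS = {"MAC_LIMITED-SSID"}
CALLED_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}:(.+)")

def norm_mac(value):
    """Strip common separators; return 12 lowercase hex digits or None."""
    digits = re.sub(r"[-:.]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def ssid_of(called_station_id):
    """Return the SSID from an 'AP-MAC:SSID' Called-Station-Id, else None."""
    m = CALLED_RE.fullmatch(called_station_id or "")
    return m.group(1) if m else None

def decide(called_station_id, calling_station_id, cert_issuer,
           known_macs, blocked_macs):
    """Return (verdict, reason); anything not explicitly accepted is rejected.
    cert_issuer belongs to a client cert that already passed chain validation."""
    ssid = ssid_of(called_station_id)
    expected = SSID_ISSUER.get(ssid)
    if expected is None:
        return ("reject", "unknown or missing SSID")
    # Bind the certificate to the SSID: a valid cert on the wrong SSID fails.
    if cert_issuer != expected:
        return ("reject", "certificate not designated for this SSID")
    if ssid in MAC_CHECKED_SSIDS:
        mac = norm_mac(calling_station_id)
        if mac is None or mac not in known_macs:
            return ("reject", "unknown MAC")
        if mac in blocked_macs:
            return ("reject", "blocked MAC")
    return ("accept", "certificate and SSID match")

# Constructed sample data: normalized station MACs.
KNOWN = {"001122334455", "00112233aabb"}
BLOCKED = {"00112233aabb"}
```
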