Alan DeKok wrote: > Frank Sweetser wrote: >> The usernames currently don't have a domain portion. Would it be possible >> for >> me to set a default domain for a given username? (The list is small, so >> would >> be manageable for me.) And if so, could you give me at least a rough example >> of how I would set this up? > > You can configure two different versions of the EAP module. Each one > has it's own server cert && CA. Then, in the "authorize" section, do: > > authorize { > ... > if (User-Name == "user1") { > eap_1 > } > elsif (User-Name == "user2") { > eap_2 > } > ... > > } > > authenticate { > ... > eap_1 > eap_2 > ... > } > > That should work.
That looks exactly like what I was looking for - thanks! I'll give this a shot on Monday and report back on how it worked... -- Frank Sweetser fs at wpi.edu | For every problem, there is a solution that WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html