I'm trying to finally rid myself of Cisco ACS with FR 1.1.3 and mostly having great success (performance is so much better!) but can't seem to figure out how to handle two different types of wireless authentication in separate non-overlapping ways.

Case 1 is EAP/TLS where user ID (email address from client cert) is also looked up via LDAP.

Case 2 is MAC authentication using the users file.

I have both of these working with one issue: MACs that are not in the users file are being sent to the LDAP server, adding unnecessary load.

authorize {
        preprocess
        files
        ldap {
                notfound = return
        }
        eap
}

The solution I can think of is to only send user names that are email addresses to ldap. Is this something that can be done with a proxy conf and realms? I'm having trouble understanding if/how those can influence the authorize section.

Thanks,
-Keith


------------------------------------------------------------------------
Keith Moores                                 <mailto:[EMAIL PROTECTED]>
Network Systems
ITC-Communications and Systems Division
University of Virginia, ITC-2015 Ivy Rd            Phone  (434) 924-0621
Box 400324, Charlottesville, VA 22904-4324         Fax    (434) 982-4715
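
The gating rule proposed in the message above (only User-Name values shaped like e-mail addresses reach LDAP, MAC-shaped ones are answered from the users file alone), modelled in Python as an added example. It is not part of the original post and is not FreeRADIUS configuration; the accepted MAC formats, the function names and the sample data are assumptions.

```python
import re

# MAC-style User-Name formats commonly sent by wireless gear (assumed set):
# aabbccddeeff, aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff
MAC_RE = re.compile(
    r"[0-9a-f]{12}"
    r"|[0-9a-f]{2}([:-])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}"  # same separator throughout
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}",
    re.IGNORECASE,
)
# Deliberately strict: exactly one "@", no whitespace, dotted domain.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s.]+(?:\.[^@\s.]+)+")


def classify(user_name):
    """Return 'mac', 'email' or 'other' for a RADIUS User-Name value."""
    if MAC_RE.fullmatch(user_name):
        return "mac"
    if EMAIL_RE.fullmatch(user_name):
        return "email"
    return "other"


def normalize_mac(user_name):
    """Lower-case hex without separators, so one users entry matches every format."""
    return re.sub(r"[^0-9a-f]", "", user_name.lower())


def authorize(user_name, users_file, ldap_lookup):
    """Model of the authorize step with LDAP gated on the shape of User-Name.

    Returns (source, ldap_queried); source is 'files', 'ldap' or 'notfound'.
    """
    kind = classify(user_name)
    if kind == "mac":
        # MAC authentication is answered from the users file only.
        found = normalize_mac(user_name) in users_file
        return ("files" if found else "notfound", False)
    if kind == "email":
        return ("ldap" if ldap_lookup(user_name) else "notfound", True)
    return ("notfound", False)  # neither shape: never reaches LDAP


# Constructed sample data, not taken from the original post.
USERS_FILE = {"001122aabbcc"}
LDAP_DIRECTORY = {"alice@example.edu"}
```

The gate only decides which backend is consulted; the User-Name is still client-supplied, so the EAP-TLS certificate check remains the actual authentication.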




