Thank you Alan, your help was precious and (I hope) needful. In the next days I will send my (hopefully) configuration, if you consider it appropriate.
Thanks. Rosario L. 2010/3/3 Alan Buxey <a.l.m.bu...@lboro.ac.uk> > Hi, > > > I'm tryng to use Freeradius 2.x for managing a complex architecture. I > use the 802.1x standard for wireless authentication. > > I need to authenticate users that have passwords in different > authentication server whit different protocol (TTLS/PAP or PEAP/MSCHAPv2) > and i'd want to proxy the requests tryng to authenticate in first auth > server and more if the auth fails. > > Can I get this feature simply listing home servers in home_server_pool > module in proxy.conf file? > > not easily or at all if you use proxying - as all you'll get back is a > reject/fail and > that'll be it. > > ideally what you want to do is configure the FreeRADIUS server to talk to > both of the > authentication servers....and if the first one fails then dont care and > continue onto > the second one...etc etc. you need to check the fail-over section of the > WIKI > > http://wiki.freeradius.org/Fail-over > > particularly the 'More Complex Configurations' section. > > > we actually use this to talk to 2 AD systems and 2 Kerberos systems - > because > people are in one or the other...each system has different credentials and > different DOMAIN etc...but the mschap and krb5 sections of FreeRADIUS are > very flexible > (we took the modules and have a mschap-new and mschap-old etc with correct > parts in). > > works great! PEAP, TTLS etc - we dont care. we just deal with it. > > alan > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Rosario L.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html