Hi:

I currently use freeradius 2.1.6 for authentication on my WLAN with WPA2-EAP-TLS. Now, I'd like to deploy multiple policies and authentication methods.

As I use freeradius now, an authenticated user is authorized to whatever. I'd like to be able to differentiate this authorization such that, i.e. some users have full access, while other users have restricted access and others have no access even if authenticated successfully.

Is there some way of having freeradius call a script or connect to some service, submitting the user authentication details and ip/mac address such that access can be granted according to the user privileges?

More precisely, I'd like to deploy the following policies:

a. If a user authenticates with a certificate I issued, I trust them with full access.

b. If the user authenticates with a foreign trusted certificate I will grant web/mail access.

c. If the user authenticates with a temporal password, time-limited access is granted to web/mail access.

d. If the user fails to authenticate, any web access is redirected to a web page explaining how to configure the system or request access.

So, even failure to authenticate should result in some sort of guest authentication without privileges.

Regarding c, how can I manage temporal accounts?

Thanks, Erik


--
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
