On 10/02/12 11:33, Riccardo Veraldi wrote:
Hello,
I have a radius infrastructure with multiple ESSID.
In particular I have the eduroam ESSID and another local ESSID.
They are managed by my freeradius2 server with 2 virtual-server
instances, one for eduroam and the other for my local ESSID.
Both are 802.1x infrastructures.

I have always been disabling EAP-TLS in my local infrastructure writing
this in the users file

DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject

but now I need EAP-TLS to be available for eduroam and I do not like the
solution to have a completely different radius server,

If you have an "eduroam" SSID, what's going to stop your users connecting to that, and using EAP-TLS?

I wanted to do it with only one freeradius server with virtual server
configuration.

Thus I need to enable EAP-TLS for eduroam and disable EAP-TLS for my
local SSID.

Does your wireless platform let you set different radius servers per-SSID? If so, you can run a FreeRADIUS virtual server on separate ports.


How is it possible to do this on freeradius2?

 1. Define two virtual servers
 2. Have them listen on different ports
 3. Set the radius servers for the two SSIDs to the relevant ports
 4. Write a different policy in each virtual server
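
The four steps above as a FreeRADIUS 2 configuration sketch. This is an added example, not part of the original message: the server names `eduroam` and `local`, the file names and port 1822 are assumptions, and it assumes the `eap` module runs before the check so that EAP-Type is present in the request.

```conf
# raddb/sites-available/eduroam  (file and server name are assumptions)
server eduroam {
	listen {
		type = auth
		ipaddr = *
		port = 1812
	}
	authorize {
		preprocess
		# No EAP-Type restriction here: EAP-TLS stays available for eduroam.
		eap
		files
	}
	authenticate {
		eap
	}
}

# raddb/sites-available/local  (file and server name are assumptions)
server local {
	listen {
		type = auth
		ipaddr = *
		# Assumed free port; the local SSID's RADIUS server setting
		# on the wireless platform must point at this port (step 3).
		port = 1822
	}
	authorize {
		preprocess
		eap
		# Same intent as the users-file line
		#   DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
		# but scoped to this virtual server only.
		if (EAP-Type == EAP-TLS) {
			reject
		}
		files
	}
	authenticate {
		eap
	}
}
```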