After I'm done with the rlm_eap_tls rewrites and rlm_eap updates, there
will be functionality to have multiple EAP submodules of the same type
with different configurations. With this, you'll be able to force the
use of a specific EAP type instance by its instance name.
In the meantime, if you want to avoid bringing up two servers, you *can*
configure two EAP module instances, each with a different tls submodule
configuration. Force the Auth-Type to the EAP module with the correct
tls configuration based on your criteria. I've used this scenario in
the past.
--Mike
[EMAIL PROTECTED] wrote:
Oh...duh...that makes sense. Should have considered that. I have since
tested the behavior of the scenario I described, and Alan's on target.
Doesn't really seem to matter which interface I enter on, or which
common-name I use. Seems to work either way.
thanks for the help!
----- Original Message -----
From: Kris Benson <[EMAIL PROTECTED]>
Date: Friday, August 5, 2005 5:28 pm
Subject: Re: different eap/tls config for different interfaces
[EMAIL PROTECTED] wrote:
If so, is it possible to have 2 different tls sections that service
the 2 different interfaces?
No. FreeRADIUS supports only 1 TLS module at a time.
What Alan forgot to mention is a solution.
If you run two copies of the Radius server, with one bound to
either a
different set of ports, or one to each IP, you could have separate
configs.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
