Mike, Sounds good, thanks for the info. Just curious: In the dual eap-tls configuration that you mentioned in the second paragraph, how would the radius server know which one to use for a given client?
thanks! ----- Original Message ----- From: Michael Griego <[EMAIL PROTECTED]> Date: Friday, August 5, 2005 11:34 pm Subject: Re: different eap/tls config for different interfaces > After I'm done with the rlm_eap_tls rewrites and rlm_eap updates, > there > will be functionality to have multiple EAP submodules of the same > type > with different configurations. With this, you'll be able to force > the > use of a specific EAP type instance by its instance name. > > In the meantime, if you want to avoid bringing up two servers, you > *can* > configure two EAP module instances, each with a different tls > submodule > configuration. Force the Auth-Type to the EAP module with the > correct > tls configuration based on your criteria. I've used this scenario > in > the past. > > --Mike > > > [EMAIL PROTECTED] wrote: > > >Oh...duh...that makes sense. Should have considered that. I > have since > >tested the behavior of the scenario I described, and Alan's on > target. > >Doesn't really seem to matter which interface I enter on, or which > >common-name I use. Seems to work either way. > > > >thanks for the help! > > > >----- Original Message ----- > >From: Kris Benson <[EMAIL PROTECTED]> > >Date: Friday, August 5, 2005 5:28 pm > >Subject: Re: different eap/tls config for different interfaces > > > > > > > >>>[EMAIL PROTECTED] wrote: > >>> > >>> > >>>>If so, is it possible to have 2 different tls sections that > service>>>>the 2 different interfaces? > >>>> > >>>> > >>> No. FreeRADIUS supports only 1 TLS module at a time. > >>> > >>> > >>What Alan forgot to mention is a solution. > >> > >>If you run two copies of the Radius server, with one bound to > >>either a > >>different set of ports, or one to each IP, you could have > separate > >>configs. > >>-kb > >>-- > >>Kris Benson, CCP, I.S.P. > >>Technical Analyst, District Projects > >>School District #57 (Prince George) > >> > >>- > >>List info/subscribe/unsubscribe? See > >>http://www.freeradius.org/list/users.html > >> > >> > >- > >List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html