> We have Access Points that contain multiple SSIDs. Some are for internal > use and some are for guest access. All are secured using WPA w/PEAP. I > would like FreeRadius to present a cert. from our internal CA for the > SSIDs that are internal and present a cert. from one of the CA's that > Windows trusts by default for guest access. I haven't found a way to > control this on the AP (i.e., to select a different RADIUS server address > or port based upon SSID). Is it possible to accomplish this in FreeRadius > given that I can determine the SSID by looking at a request attribute?
Yes. > > Some ideas I have are: > > - Have two instances of the EAP module (one for internal SSIDs and one for > guest) and select which one to use with some unlang code (based upon the > value of 1 request attribute) That should work. > - Create a virtual server for guest access that uses an EAP module with > the cert. from the well-known CA That is insecure. Your clients will trust *any* server certificate signed by that public CA. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html