Hi Ivan, my problem was that in LDAP i have the passwords save as SSHA, so i cant do 802.1x with EAP/PEAP/mschap
as i dont wanna change my LDAP configuration to store the passwords in clear-text, or to use samba.scheme and to use NT hash. The only option remaining from my view point was to try and distinguish between normal authentication and 802.1x authentication thats why i came up with this realm stuff, to be able to authenticate 802.1x users in the users file (where i have user/passwords in clear-text) and normal users in LDAP (SSHA) thats why i was asking if, its possible, and if it functional, or maybe there is another solution then the one provided by Alan (to not use 802.1x) :D thank you again for you feedback Best Regards, Caius Pargar --- On Wed, 11/11/09, t...@kalik.net <t...@kalik.net> wrote: > From: t...@kalik.net <t...@kalik.net> > Subject: Re: FR2.1.3+LDAP+802.1x+PEAP > To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> > Date: Wednesday, November 11, 2009, 1:06 AM > > i was thinking at the > following: > > to do the normal user authentication in LDAP, based on > the provided realm, > > and if no realm present authenticate the users in > users file. > > Users which use 802.1x will be saved in clear-text in > users file > > and users used for authentication for other stuff, > will be checked in LDAP > > (@mydomain.com) > > > > > > or can i switch this around? a user: myu...@dot1x.com > will be based on the > > real authenticated in users file for 802.1x and a user > with no realm will > > be authenticated in LDAP? > > > > please tell me your opinion on this, is it possible? > > Use suffix and configure dot1x.com as local realm in > proxy.conf: > > realm dot1x.com { > } > > ... and you don't need multiple entries for the same user. > Both users file > and ldap module will use Stripped-User-Name for > authentication by defauly. > > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html