Hi, > I'm tryng to use Freeradius 2.x for managing a complex architecture. I use > the 802.1x standard for wireless authentication. > I need to authenticate users that have passwords in different authentication > server whit different protocol (TTLS/PAP or PEAP/MSCHAPv2) and i'd want to > proxy the requests tryng to authenticate in first auth server and more if the > auth fails. > Can I get this feature simply listing home servers in home_server_pool module > in proxy.conf file?
not easily or at all if you use proxying - as all you'll get back is a reject/fail and that'll be it. ideally what you want to do is configure the FreeRADIUS server to talk to both of the authentication servers....and if the first one fails then dont care and continue onto the second one...etc etc. you need to check the fail-over section of the WIKI http://wiki.freeradius.org/Fail-over particularly the 'More Complex Configurations' section. we actually use this to talk to 2 AD systems and 2 Kerberos systems - because people are in one or the other...each system has different credentials and different DOMAIN etc...but the mschap and krb5 sections of FreeRADIUS are very flexible (we took the modules and have a mschap-new and mschap-old etc with correct parts in). works great! PEAP, TTLS etc - we dont care. we just deal with it. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html