I've been looking through the wiki and staring at the config files and I'm...confused. I've successfully gotten our Cisco WLC to authenticate against ActiveDirectory as well as a Sun LDAP server (just one at a time) via FreeRADIUS for a single test SSID, but now I'm trying to figure out how to split that into conditional checks. Before I go chopping up the existing config files and making a horrible mess of things, I wanted to verify a few things with the wisdom of the list.
Okay...let's say I have an SSID for students and an SSID for staff. Students authenticate against LDAP, which stores passwords as salted SHA1 hashes. Staff authenticate against Windows ActiveDirectory. I've found where the WLC sends the SSID to FreeRADIUS, so I can get at that. My question is, how do I set up the EAP-TTLS/PAP session for the Student SSID and the separate PEAP/MSCHAPv2 session for the Staff SSID? Are these configured as different virtual servers? Or just different modules that I call from the users file like so: DEFAULT Auth-Type := student_module, Called-Station-SSID := "student" DEFAULT Auth-Type := staff_module, Called-Station-SSID := "staff" If so how do I set that up, as that would be two different eap.conf setups (wouldn't it)? Am I missing something obvious in the docs? Thanks for taking the time to help me out! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html