Nick Kartsioukas <lists.freerad...@change.nightwind.net> wrote:
>
> Thanks for the hints! I think I've got my eap.conf set up as I need it.
> After some errors from freeradius and further document exploration, it
> looks like what I need for the authorize section is this:
> rewrite_called_station_id
>
> if(Called-Station-Ssid == "staff") {
>     mschap_staff
> }
> if(Called-Station-Ssid == "lab") {
>     mschap_lab
> }
> if(Called-Station-Ssid == "student_wpa") {
>     ldap
> }
> if(Called-Station-Ssid == "student") {
>     ldap
> }
>

I would *strongly* recommend you run just one SSID and use VLAN assignment in post-auth to

----
post-auth {
    ...

    # defaults
    update reply {
        Tunnel-Type := VLAN
        Tunnel-Medium-Type := IEEE-802
        Tunnel-Private-Group-Id := "unauthorised"
        Termination-Action := RADIUS-Request
        Session-Timeout := 300
        Acct-Interim-Interval := 3600
    }

    if (Ldap-Group == foobar) {
        update reply {
            Tunnel-Private-Group-Id := "staff"
        }
    }
    else {
        ...
    }
}
----

The huge advantage is that *every* user at your organisation can follow the same instructions to connect to the wireless (and wired) network.

It is also then trivial to put in 'eduroam'; if you use 'eduroam' from day one (*strongly* recommended to avoid pain down the road).

Cheers

--
Alexander Clouter
.sigmonster says: Youth is the trustee of posterity.
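
An added example, not part of the original post: a Python check that an Access-Accept carries the complete VLAN attribute set from the post-auth defaults above and places the user in the expected VLAN. The "Attribute = value" input format, the sample replies and the user names are constructed for illustration.

```python
import re

# Attributes the post-auth defaults above set so the NAS applies a VLAN.
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}
VLAN_ATTR = "Tunnel-Private-Group-Id"

# Matches 'Name = value', 'Name := "value"' and tagged 'Name:0 = value'.
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)(?::\d+)?\s*:?=\s*"?([^"]*?)"?\s*$')

def parse_reply(text):
    """Parse attribute lines into a dict; non-attribute lines are ignored."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def audit(user, expected_vlan, reply_text):
    """Return findings for one Access-Accept; an empty list means it is fine."""
    attrs = parse_reply(reply_text)
    findings = []
    for name, want in REQUIRED.items():
        if attrs.get(name) != want:
            findings.append(f"{user}: {name} is {attrs.get(name)!r}, want {want!r}")
    got = attrs.get(VLAN_ATTR)
    if got is None:
        findings.append(f"{user}: no {VLAN_ATTR}, NAS would use its own default VLAN")
    elif got != expected_vlan:
        findings.append(f"{user}: VLAN {got!r}, want {expected_vlan!r}")
    return findings

def sample(vlan):
    """Build a constructed reply (not captured traffic) for the given VLAN name."""
    return ("Tunnel-Type = VLAN\nTunnel-Medium-Type = IEEE-802\n"
            f'Tunnel-Private-Group-Id = "{vlan}"\nSession-Timeout = 300\n')

# Hypothetical users with the VLAN each one is supposed to land in.
SAMPLES = [
    ("alice", "staff", sample("staff")),
    ("guest1", "unauthorised", sample("unauthorised")),
    ("bob", "staff", sample("unauthorised")),      # group override never ran
    ("carol", "staff", "Tunnel-Type:0 = VLAN\n"),  # incomplete attribute set
]

if __name__ == "__main__":
    for user, vlan, reply in SAMPLES:
        for finding in audit(user, vlan, reply) or [f"{user}: ok"]:
            print(finding)
```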