On 16/05/12 16:29, C.F. Yeung wrote:
We have 2 SSL Certs for two SSID (802.1x). How can my freeradius server
present wifi clients the cert based on SSID? Should I have two eap.conf?
Yes. Configure the two "eap" modules with different names e.g.
eap eap_cert1 {
...
}
eap eap_cert2 {
...
}
...and then configure your radius server to run the appropriate eap
module. Two choices for this:
1. If your wireless equipment allows it, configure each SSID with
different radius server IP/ports. Then make FreeRADIUS listen on
different ports like so:
listen {
type = auth
ipaddr = *
port = 18000
virtual_server = server1
}
server server1 {
authorize {
...
eap_cert1
}
authenticate {
...
eap_cert1
}
}
# repeat for cert1/eap2
2. Use "unlang" policies to match on SSID e.g. (untested)
authorize {
if (My-SSID == SSID1) {
eap_cert1
}
elsif (My-SSID == SSID2) {
eap_cert2
}
}
authenticate {
...
eap_cert1
eap_cert2
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
