Le 13/06/2012 15:14, Alan DeKok a écrit :
Emmanuel BILLOT wrote:
Is it possible to split authorization step as follow :
- Considering we want to authorize user using EAP and MAC adresses
- http://wiki.freeradius.org/Mac-Auth works fine, but is it possible to
do EAP with one radius server and MAC address auth with another one ?
Yes, but it's generally a bad idea. It adds complexity with no real
purpose.
FreeRADIUS can be configured to do whatever you want. It's best to
keep everything in one server.
Look at the debug output to see *how* those packets are different.
Then, write down how you want them to be handled. Then, write the
"unlang" to do it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok thanks for your answer. Possibly this is a bad idea but we have
sometimes to work with obligations.
What module should i use to send MAC adresses to another radius server,
and getting back ok/nok before testing EAP ?
Using unlang yes, but what directive should i use ? Proxy cannot be one
because MAC adresse has no suffix.
--
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
