Re: EAP and non-EAP on same port?
Hi, >We'd like to simplify our configuration and use the same port for both. the default configuration does that alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP and non-EAP on same port?
On 03/07/13 15:29, Bruce Bauman wrote: Right now we have freeradius configured so that EAP and non-EAP are handled by separate virtual servers which are listening on separate virtual ports. We'd like to simplify our configuration and use the same port for both. I've looked through the documentation without much success. Does anyone have an example configuration of this? The default config handles both eap and non-EAP just fine. You just list the "eap" and other auth modules ("mschap", "pap", "chap") in authorize and authenticate, and pull the password info from LDAP/SQL/files as per usual. However, it's likely you mean something more than the simple config you've specified. Can you be more specific about what is unclear to you? If you want to do some logic conditional on whether the request is EAP or not, you can do this; authorize { ... if (EAP-Message) { # we're an EAP request sql eap blahblah } else { # we're non-eap files ldap mschap chap pap } ... } And of course, the inner EAP auth can be sent to a virtual server - see the sample "eap.conf" that comes with the server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP and non-EAP on same port?
Bruce Bauman wrote: > Right now we have freeradius configured so that EAP and non-EAP are > handled by separate virtual servers which are listening on separate > virtual ports. Why? > We'd like to simplify our configuration and use the same port for both. > I've looked through the documentation without much success. There's no magic here. There's no documentation on "how do I do EAP?". Because none is needed. EAP is just another module you list (or not) in a virtual server. So... list "eap" in the virtual serverm as is done in the example files raddb/sites-available/default, and also raddb/sites-available/inner-tunnel. > Does anyone have an example configuration of this? The default configuration does EAP and non-EAP on the same port. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP and non-EAP on same port?
Right now we have freeradius configured so that EAP and non-EAP are handled by separate virtual servers which are listening on separate virtual ports. We'd like to simplify our configuration and use the same port for both. I've looked through the documentation without much success. Does anyone have an example configuration of this? Thanks. -- Bruce Bruce Bauman - Systems Administrator Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (848) 445-6363 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html