On Feb 15, 2013, at 3:24 PM, Linchuan Yang <linchuan.y...@concordia.ca> wrote:
> Dear All > > Do you use different radius servers for your local SSID and eduroam SSID? > > Currently, we are using the same radius servers for both of SSID, and we > found that some of our local users login with eduroam SSID inside our campus. > > We want to block our local users (both user...@concordia.ca and user123)to > login with eduroam SSID, could you please explain how to modify the > proxy.conf or other configuration files on Freeradius (Linux version)? We take a different approach, and use "eduroam" as our primary SSID campus-wide. That is, all of our local users always connect to eduroam, even when they are not roaming. Our radius server knows they are local because they have our realm in their username, and we can use their other local LDAP attributes to put them into the proper VLAN. Our radius server also puts non-Simon's Rock eduroam users in to an eduroam guest VLAN. (We have an open SSID with instructions for connecting to eduroam, and some special case guest VLANs, but no other SSID for our local users). The benefit is that our users only ever need to do one wifi config, and eduroam "just works" when they travel to other federation campuses or to EDU conventions and such, because it is exactly the same wifi config that they use every day on campus. Steve Bohrer Network Admin, ITS Bard College at Simon's Rock 413-528-7645 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
