Mar 24, 2016 9:58am
So, we need to handle unknown user suffixes to a catch-all user Realm, which in turn proxies to upstream RADIUS servers. We need to do this for external organizations to be able to use our WiFi using their home credentials (we want to participate in eduroam, https://www.eduroam.org/).
So, the setup is like this:
Known user suffix (email@example.com) --> "User may specify the realm name as a username suffix" checked --> correct user realm is chosen --> Done. Doesn't work for unknown suffixes / suffixes that don't match an existing Realm of course.
Now, if I uncheck "User may specify the realm name as a username suffix" I can proxy ALL RADIUS requests, which I don't want for 'local' requests, i.e. requests from firstname.lastname@example.org.
If I check ""User may specify the realm name as a username suffix" I cannot use unknown suffixes.
But, how would I authenticate requests with a suffix @our-organization.org locally and proxy all the other requests? Can this be done with Policy Secure?
.) email@example.com needs to be authenticated against our LDAP directory
.) firstname.lastname@example.org needs to be proxied to upstream RADIUS.
Same authentication protocol set in both cases.
I don't think so but would like to have a second opinion.