Local and remote Authentication at the same time

Jouni Malinen j at w1.fi
Tue Mar 1 03:04:39 EST 2011


On Mon, Feb 28, 2011 at 05:07:50PM -0000, Panagiotis Georgopoulos wrote:
> Is there any way to get hostapd to support both local and remote
> authentication in a way that, it first checks its internal RADIUS server and
> if it doesn't have any information for the specific client requesting
> access, then it sends the packets to the remote AAA RADIUS server?

This is not currently supported, but at least in theory, it should be
relatively easy to add support for this since the state machines have at
least partial support for this type of selection.

Though, it should also be noted that there can be some challenges in
recognizing what is to be done locally with EAP methods like EAP-TTLS
that may start with anonymous identity in the first phase.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list