The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Arthur Petrosyan <arthur AT sci.am>]

Hi Daniele and all,

Thanks for reply. What you provided is very valuable info, but it's only 
partial configuration.

I wrote here in hope that someone has already the working configuration 
to share,
because I think there would be CAT users, who use multiple profiles for 
the same institution configured at the same freeradius.

If someone has such "multiple eap modules" freeradius configuration, 
please share with me.

Thanks a lot,
Arthur

4/17/2019 18:56, Daniele Albrizio пишет:
> Indeed, this is an eduroam CAT mailing list, your question should be 
> definitely better addressed in the 
> freeradius-users AT lists.freeradius.org mailinglist.
>
> A short answer to your question is yes, I did it using an old CA and 
> certificate for a bunch of critical remote untouchable clients 
> (switched based upon their username) sometimes (and freeradius 
> versions) ago.
>
> You need to have two different instances of eap module, each one using 
> a different certificate and switch them using unlang in freeradius 
> configuration authorize section.
>
> This is the archeological configuration I used and then commented out
>
>                 #       if ("%{request:User-Name}" == 
> "host/UNMAINTAINEDhost.my.domain.it") {
>                 #            update reply {
>                 #               Reply-Message := "Handled With old 
> AddTrust CA"
>                 #            }
>                 #            eapaddtrust {
>                 #               ok = return
>                 #            }
>                 #       }
>                 #       else {
>                 #               eapdigi {
>                 #                   ok = return
>                 #               }
>                 #       }
>
>
> On 17/04/19 16:09, Arthur Petrosyan wrote:
> > Hi,
> >
> > We have an educational center (isec.am), and they want to support 
> > eduroam users with multiple realms (@isec.am, @edu.isec.am, 
> > @alumni.isec.am, etc)
> > and have all these realms to be configured at single freeradius server.
> >
> > I can't find the way to configure multiple profile certificates for 
> > cat within one freeradius server configuration.
> > Although I have it working in freeradius's "certs" subdirectory for 
> > one realm.
> >
> > Could anyone share such experience or point to the documentation 
> > about how to configure one freeradius server to have multiple realm 
> > certificates ("certs" subdirectories ?)
> >
> > While writing to this CAT list I thought, that this question might 
> > not be directly related to CAT, but as I understand it's related in 
> > the sence that I need to upload these multiple certificates for each 
> > separate CAT profile. If I'm wrong, please suggest more appropriate 
> > list to send this request.
> >
> > I would be very grateful for any related info.