Fajar A. Nugraha list at fajar.net
Fri May 27 17:41:09 CEST 2011


On Fri, May 27, 2011 at 10:28 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 27/05/11 16:16, Lubenski, Zeev [GCS] wrote:
>>
>> We do have a question
>>
>> Is there anything in configuration that allows to turn off authentication
>>
>> We are running EAP-TTLS and would like instead of sending challenge on
>> Access send Access accept always. (No authentication in fact)
>
> No, can't be done. EAP is a challenge/response protocol, and you must send
> the relevant challenges.
>
> In EAP-TTLS, you might be able to just force-accept the inner auth, because
> that's usually just PAP (no challenge / response). You can't for example do
> this in PEAP, because the inner protocol (MSCHAP) is also
> challenge/response.

Phil, Zeev asked about EAP-TTLS, and you said "you might be able to
just force-accept the inner auth, because that's usually just PAP (no
challenge / response)". But before that you also said "No, can't be
done. EAP is a challenge/response protocol".

Are you perhaps thinking that Zeev wrote EAP-MSCHAP instead of EAP-TTLS?

-- 
Fajar



More information about the Freeradius-Users mailing list