EAP-PEAP with "special" users

Alan DeKok aland at deployingradius.com
Fri Feb 6 14:49:36 CET 2015


On Feb 6, 2015, at 8:41 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
> I want to add some test user accounts that can be authenticated through EAP but use a flat file rather than ntlm_auth. What's the recommended way of handling this without harming the performance of the majority of the users who will not appear in the users file?

  Put the special users in the “users” file.  Then, be sure that they’re not using ntlm_auth:

bob	Cleartext-Password := “hello”, MS-CHAP-Use-NTLM-Auth := no

  The “users” file puts entries into a binary tree.  So it’s fast.  The performance hit (if any) will be negligible compared to the cost of doing SSL.  The RSA calculations need for SSL are *slow*.

  Alan DeKok.




More information about the Freeradius-Users mailing list