EAP-PEAP with "special" users

Jonathan Gazeley Jonathan.Gazeley at bristol.ac.uk
Fri Feb 6 15:39:25 CET 2015


On 06/02/15 13:49, Alan DeKok wrote:
> On Feb 6, 2015, at 8:41 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
>> I want to add some test user accounts that can be authenticated through EAP but use a flat file rather than ntlm_auth. What's the recommended way of handling this without harming the performance of the majority of the users who will not appear in the users file?
>    Put the special users in the “users” file.  Then, be sure that they’re not using ntlm_auth:
>
> bob	Cleartext-Password := “hello”, MS-CHAP-Use-NTLM-Auth := no
>
>    The “users” file puts entries into a binary tree.  So it’s fast.  The performance hit (if any) will be negligible compared to the cost of doing SSL.  The RSA calculations need for SSL are *slow*.
>
>    Alan DeKok.
>
>
>

Thanks. Will I need to reference the 'files' module in the inner or 
outer virtual server? Or both?

Thanks,
Jonathan


More information about the Freeradius-Users mailing list