Force the client to use one specific EAP method

[Stefan Winter]

Hi,

> As Matthew suggested, I've removed the configurations for the others EAP methods, indeed now they don't work anymore.
> 
> But, as Matthew already said, the clients will always choose whatever method they want to use or in the most cases the chosen method is the one set on the supplicant configuration file.
> 
> I thought of making a script that would change the 802.1x configuration of the supplicant, but then every client should download and run the script, which is no practical at all.
> 
> So, any other workaround that you're aware of?
> 
> I was wondering if adding a realm could help somehow.

Why the effort? The client can initially *suggest* whatever it likes.
The server will NAK it and tell the client what EAP method to use instead.

This is one round-trip. It happens automatically in the background, no
UI or disruption involved.

So, what's the win in writing complicated things on the supplicant?

One of the few things which work very nicely in EAP is the method
auto-negotiation. :-)

Stefan


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170412/0aa31d97/attachment.sig>