Change PEAP user-name and user-password

Seth Lampman sethklampman at
Wed Jun 13 23:59:04 CEST 2018

I am trying to figure out if what i want to do is possible.  I work for a
VPN vendor. We support device auth as well as user auth. User auth is
always required no matter what.  I have a customer that wants device auth
only using eap-tls.  No issues this works fine.  They want to disable user
auth and user only device certificate auth which we do not support.  I want
to bascially be able to accept all user auth requests presented to the
radius server which would in effect give them what they want.

I know that with eap\mschapv2 (we dont support lesser protocols) you cannot
have auto accept all requests due to mutual auth required.  My thought was
to create a default user in freeradius and then update user-name and
user-password to the deafult user.  So joe tries to authenticate and unlang
rewrites joe to default user. And rewrites joes password to default user
password. Auth succeeds.

Ive researched the forums and i think i need to do this on the outer tunnel
as well as the inner tunnel? I cant find anything that is clear on that.

If someone could point me in the right direction and let me know if i am on
the right track?



More information about the Freeradius-Users mailing list