Change PEAP user-name and user-password

Seth Lampman sethklampman at gmail.com
Thu Jun 14 00:27:15 CEST 2018


So in our product device auth is happening seperately from user auth.
Eap-tls is configured and working fine. We do support eap-tls for user auth
and that wont work because the users personal cert store isnt available
until after they log into their profile. No profile , no access to cert.

On Wed, Jun 13, 2018, 6:21 PM Alan Buxey <alan.buxey at gmail.com> wrote:

> Hi
>
> So use auth to be disabled and only device auth? How many the device auth
> happening? If via EAP-TLS etc this is possible. If via just MAC but started
> with eap no unless via policy where you still need the EAP to pass....
>
> alan
>
> On Wed, 13 Jun 2018, 23:59 Seth Lampman, <sethklampman at gmail.com> wrote:
>
> > I am trying to figure out if what i want to do is possible.  I work for a
> > VPN vendor. We support device auth as well as user auth. User auth is
> > always required no matter what.  I have a customer that wants device auth
> > only using eap-tls.  No issues this works fine.  They want to disable
> user
> > auth and user only device certificate auth which we do not support.  I
> want
> > to bascially be able to accept all user auth requests presented to the
> > radius server which would in effect give them what they want.
> >
> > I know that with eap\mschapv2 (we dont support lesser protocols) you
> cannot
> > have auto accept all requests due to mutual auth required.  My thought
> was
> > to create a default user in freeradius and then update user-name and
> > user-password to the deafult user.  So joe tries to authenticate and
> unlang
> > rewrites joe to default user. And rewrites joes password to default user
> > password. Auth succeeds.
> >
> > Ive researched the forums and i think i need to do this on the outer
> tunnel
> > as well as the inner tunnel? I cant find anything that is clear on that.
> >
> > If someone could point me in the right direction and let me know if i am
> on
> > the right track?
> >
> > Thanks
> >
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list