Change PEAP user-name and user-password
sethklampman at gmail.com
Thu Jun 14 00:27:15 CEST 2018
So in our product device auth is happening seperately from user auth.
Eap-tls is configured and working fine. We do support eap-tls for user auth
and that wont work because the users personal cert store isnt available
until after they log into their profile. No profile , no access to cert.
On Wed, Jun 13, 2018, 6:21 PM Alan Buxey <alan.buxey at gmail.com> wrote:
> So use auth to be disabled and only device auth? How many the device auth
> happening? If via EAP-TLS etc this is possible. If via just MAC but started
> with eap no unless via policy where you still need the EAP to pass....
> On Wed, 13 Jun 2018, 23:59 Seth Lampman, <sethklampman at gmail.com> wrote:
> > I am trying to figure out if what i want to do is possible. I work for a
> > VPN vendor. We support device auth as well as user auth. User auth is
> > always required no matter what. I have a customer that wants device auth
> > only using eap-tls. No issues this works fine. They want to disable
> > auth and user only device certificate auth which we do not support. I
> > to bascially be able to accept all user auth requests presented to the
> > radius server which would in effect give them what they want.
> > I know that with eap\mschapv2 (we dont support lesser protocols) you
> > have auto accept all requests due to mutual auth required. My thought
> > to create a default user in freeradius and then update user-name and
> > user-password to the deafult user. So joe tries to authenticate and
> > rewrites joe to default user. And rewrites joes password to default user
> > password. Auth succeeds.
> > Ive researched the forums and i think i need to do this on the outer
> > as well as the inner tunnel? I cant find anything that is clear on that.
> > If someone could point me in the right direction and let me know if i am
> > the right track?
> > Thanks
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users