How to Initiate EAP-Request Identity

Alan DeKok aland at
Wed May 6 13:56:03 CEST 2020

On May 6, 2020, at 5:20 AM, JAVIER SANDOVAL <javier_sandoval_ldc at> wrote:
> Very interesting your speech but nothing to do with the real thing.

  This is fundamentally a communication problem.  You're not saying what you're doing, and you're misunderstanding what I say.

  When I say "the other end won't do what you want", your conclusion should *not* be "FreeRADIUS can't do it".  That's not what I said.  Such a response is not appropriate.

> I have the setup working with a different AAA solution in the market, there is zero problems for the windows VPN clients to work when Radius send the identity-Request. It definitely works perfectly.

  Post PCAP files.

> I have neither ideas nor opinions about EAP.

  That's clearly not true.  I suggest telling the truth.

> asking for the EAP-identity it is quite normal for several uses-cases and its is quite clear at the RFCs.

  Will the other end *change* it's identity response as you were implying?  Or, send back the same response as I suggested?

  The RFCs absolutely do not say "Oh, if you ask *enough*, then the other end will send you the *real* identity you want".

> For different reasons, I needed to asses the possibility of this use-case with Freeradius, that was all.
> Freeradius is not a problem at all. I like it, I was just asking about the integration with this use-case and asking for advice.

  FreeRADIUS can do just about anything.

  You *can* make FreeRADIUS do whatever you want, including sending EAP-Identity requests.

  Alan DeKok.

More information about the Freeradius-Users mailing list