On Sun, Jun 8, 2014 at 5:39 PM, Alan DeKok <aland@deployingradius.com> wrote:
Dan Letkeman wrote:
I am trying to find some info on authentication ordering.
Probably because no one uses that term.
Ok, but I just did, so I guess I use that term :)
Is it the client(switch or wireless controller) that defines the authentication ordering or is it the radius server?
You're asking the wrong question.
Yes, I am asking the wrong question, because I need help, otherwise I would not be posting a question.....(:
If it is the radius server how would I define EAP as the first authentication method and then mac authentication as the second?
MAC auth isn't authentication. MAC auth is just another authorization check.
Ok, so I can authorize a user based on there mac address. I can also authenticate a user using EAP. I want to authenticate a user using EAP, but if the device that a user is using does not support EAP I would like to authorize a user based on the mac address as a last resort.
EAP is authentication. As part of authorizing a user, you can deny them access because their bills aren't paid, or because they're using the wrong MAC.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html