On Sun, Jun 8, 2014 at 5:39 PM, Alan DeKok <aland@deployingradius.com> wrote:
Dan Letkeman wrote:
> I am trying to find some info on authentication ordering.

  Probably because no one uses that term.

Ok, but I just did, so I guess I use that term :)
 

> Is it the client(switch or wireless controller) that defines the
> authentication ordering or is it the radius server?

   You're asking the wrong question.

Yes, I am asking the wrong question, because I need help, otherwise I would not be posting a question.....(:
 

> If it is the radius server how would I define EAP as the first
> authentication method and then mac authentication as the second?

  MAC auth isn't authentication.  MAC auth is just another authorization
check.

Ok, so I can authorize a user based on there mac address.  I can also authenticate a user using EAP.  I want to authenticate a user using EAP, but if the device that a user is using does not support EAP I would like to authorize a user based on the mac address as a last resort.
 

  EAP is authentication.  As part of authorizing a user, you can deny
them access because their bills aren't paid, or because they're using
the wrong MAC.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html