FreeRadius different authorization and authentication methods

Alan DeKok aland at
Wed Aug 31 21:08:27 CEST 2005

Jason Carr <jcarr at> wrote:
> Against recommendations, I've added DEFAULT Auth-Type := EAP and the
> server still says it's trying to use local authentication.  Does the
> server fall back to local if it doesn't know which method to use or if
> there's an error?

  It uses Auth-Type = Local in one of two situations:

  a) There is a User-Password in the packet, AND there is a "known
     good" User-Password found in the configuration

  b) A configuration file tells it to use Auth-Type = Local.

  As I said in a previous message, the default configuration of the
server DOES NOT use Auth-Type = Local for EAP.  The ONLY reason it's
happening is that your local configuration is telling it to.

  This is doubly true, now that you've forced Auth-Type to EAP, and it
*still* doesn't work.  The server does not have magic code inside of
it to force Auth-Type = Local.  YOU are setting it somewhere in a

  Go back, and read your configuration.  Odds are that one of the
things you put into SQL was Auth-Type = Local.

  If you still don't believe me, delete "sql" from the "authorize"
section, and add a user & password to the "users" file.  If you've
configured EAP, then EAP *will* work.

  Alan DeKok.

More information about the Freeradius-Users mailing list