FreeRadius different authorization and authentication methods
Alan DeKok
aland at ox.org
Wed Aug 31 21:08:27 CEST 2005
Jason Carr <jcarr at andrew.cmu.edu> wrote:
> Against recommendations, I've added DEFAULT Auth-Type := EAP and the
> server still says it's trying to use local authentication. Does the
> server fall back to local if it doesn't know which method to use or if
> there's an error?
It uses Auth-Type = Local in one of two situations:
a) There is a User-Password in the packet, AND there is a "known
good" User-Password found in the configuration
b) A configuration file tells it to use Auth-Type = Local.
As I said in a previous message, the default configuration of the
server DOES NOT use Auth-Type = Local for EAP. The ONLY reason it's
happening is that your local configuration is telling it to.
This is doubly true, now that you've forced Auth-Type to EAP, and it
*still* doesn't work. The server does not have magic code inside of
it to force Auth-Type = Local. YOU are setting it somewhere in a
configuration.
Go back, and read your configuration. Odds are that one of the
things you put into SQL was Auth-Type = Local.
If you still don't believe me, delete "sql" from the "authorize"
section, and add a user & password to the "users" file. If you've
configured EAP, then EAP *will* work.
Alan DeKok.
More information about the Freeradius-Users
mailing list