different default_eap_type for different users
Alan DeKok
aland at deployingradius.com
Thu Jul 2 11:46:45 CEST 2009
Nicolas Boullis wrote:
> I'm currently in the process of switching from an old freeradius 1.1.6
> to a more recent 2.0.4 (both with debian packages, rebuilt against openssl).
Why not 2.1.6?
> The bad news is that some IP phones fail to authenticate when
> default_eap_type=peap (they only support MD5). Changing to
> default_eap_type=md5 works, but I'm not satsified with it since most
> clients use PEAP...
>
> In the default EAP configuration, it is written, about the
> default_eap_type=peap option:
> # If the EAP-Type attribute is set by another module,
> # then that EAP type takes precedence over the
> # default type configured here.
>
> Hence, I thought I would use the hints file to force EAP-Type (the good
> news is that I can recognize the IP phones with their username):
> CP-7942G-SEP0024C4BE96B7
> EAP-Type = MD5-Challenge
>
> But this apparently does not work.
It's a *configuration* item, not a reply item. See "man users"
...
CP-7942G-SEP0024C4BE96B7 EAP-Type := MD5-Challenge
...
That will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list