different default_eap_type for different users

Alan DeKok aland at deployingradius.com
Thu Jul 2 11:46:45 CEST 2009


Nicolas Boullis wrote:
> I'm currently in the process of switching from an old freeradius 1.1.6
> to a more recent 2.0.4 (both with debian packages, rebuilt against openssl).

  Why not 2.1.6?

> The bad news is that some IP phones fail to authenticate when
> default_eap_type=peap (they only support MD5). Changing to
> default_eap_type=md5 works, but I'm not satsified with it since most
> clients use PEAP...
> 
> In the default EAP configuration, it is written, about the
> default_eap_type=peap option:
> #  If the EAP-Type attribute is set by another module,
> #  then that EAP type takes precedence over the
> #  default type configured here.
> 
> Hence, I thought I would use the hints file to force EAP-Type (the good
> news is that I can recognize the IP phones with their username):
> CP-7942G-SEP0024C4BE96B7
>         EAP-Type = MD5-Challenge
>
> But this apparently does not work.

  It's a *configuration* item, not a reply item.  See "man users"

...
CP-7942G-SEP0024C4BE96B7   EAP-Type := MD5-Challenge
...

  That will work.

  Alan DeKok.



More information about the Freeradius-Users mailing list